This is the accessible text file for GAO report number GAO-03-119 entitled 'High-Risk Series: An Update' which was released on January 01, 2003. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products’ accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. January 2003: High-Risk Series: An Update: GAO-03-119: This Series This report entitled High-Risk Series: An Update is part of a special GAO series, first issued in 1993 and periodically updated. In this 2003 report, GAO identifies areas at high risk due to either their greater vulnerabilities to waste, fraud, abuse, and mismanagement or major challenges associated with their economy, efficiency, or effectiveness. This series also includes reports on three crosscutting high-risk areas: strategic human capital management, protecting information systems supporting the federal government and the nation’s critical infrastructures, and federal real property. A companion series, Performance and Accountability Series: Major Management Challenges and Program Risks, contains separate reports covering each cabinet department, most major independent agencies, and the U.S. Postal Service. It also includes a governmentwide perspective on transforming the way the government does business in order to meet 21st century challenges and address long-term fiscal needs. A list of all of the reports in this series is included at the end of this report. GAO Highlights: Highlights of GAO-03-119, a report to Congress on GAO’s High-Risk Series Why Area is High Risk: GAO’s audits and evaluations identify federal programs and operations that are high risk, in some cases, due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement. Increasingly, we also are identifying high-risk areas to focus on major economy, efficiency, or effectiveness challenges. Since 1990, GAO has periodically reported on government operations that it has designated as high risk. In this 2003 update for the new 108th Congress, GAO presents the status of high-risk areas included in our last report made in January 2001 and identifies new high-risk areas warranting attention by the Congress and the administration. Lasting solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the American public, strengthen public confidence and trust in the performance and accountability of our national government, and ensure the ability of government to deliver on its promises. What GAO Found: In 2001, GAO identified 23 high-risk areas. Since then, demonstrable progress has been made in virtually all of them. Federal departments and agencies, and the Congress as well, have shown a growing commitment to addressing management challenges and have taken new steps to correct the root causes of the problems. In two areas, the Supplemental Security Income program and the asset forfeiture programs managed by the Departments of Justice and the Treasury, GAO has determined that sufficient progress has been made to remove the high-risk designation. GAO has increasingly used the high-risk designation to draw attention to the challenges faced by government programs and operations in need of broad-based transformation. For example, in 2001, GAO designated as high risk strategic human capital management across government and the U.S. Postal Service’s transformation and fiscal outlook. Since then, the President has made human capital a top initiative of his Management Agenda, while the Congress enacted key governmentwide human capital reforms as it created the Department of Homeland Security (DHS). In addition, a promising Postal Service transformation plan has been produced and the President formed a commission to focus on Postal Service transformation. With these positive results in mind, for 2003, GAO has designated three additional areas as high risk based on challenges involving broad-based transformation and/or the need for legislative solutions. The first new high-risk area is implementing and transforming DHS, which is high risk because of the sheer size of the undertaking, the fact that DHS’s proposed components already face a wide array of existing challenges, and the prospect of serious consequences for the nation should DHS fail to adequately address its management challenges and program risks. A related homeland security challenge will be to protect information systems supporting the federal government as well as the nation’s critical infrastructures; information security has been a high-risk area since 1997 and has been expanded this year to include both of these concerns. The second new high-risk area involves federal disability programs, primarily those at the Social Security Administration and the Department of Veterans Affairs. Already growing, disability programs are poised to surge as baby-boomers age, yet the programs remain mired in outdated economic, workforce, and medical concepts and are not well-positioned to provide meaningful and timely support to disabled Americans. The third new high-risk area involves federal real property, based on long-standing problems such as excess and underutilized property and deteriorating facilities, as well as increased security challenges from the threat of terrorism. As appropriate, GAO also continues to identify more traditional high-risk areas. For example, this year’s fourth new high-risk area involves the Medicaid program, in part because of growing concerns about inadequate fiscal oversight to prevent inappropriate program spending. What Remains to be done: This report contains GAO’s views on what remains done for each high-risk area to bring about lasting solutions. Perseverance by the administration in implementing GAO’s recommended solutions and continued oversight by the Congress both will be important. www.gao.gov/cgi-bin/getrpt?GAO-03-119. To view the full report, click on the link above. For more information, contact George H. Stalcup at (202) 512-9490 or stalcupg@gao.gov. GAO’s 2003 High-Risk List: GAO’s 2003 high-risk list is shown in the following table. Information on each of these areas is presented in separate highlights pages included at the end of this report. These highlights pages show the names of GAO executives to contact for more information on the high- risk areas and Internet links to reports in the accompanying GAO series, Performance and Accountability Series: Major Management Challenges and Program Risks, where the high-risk areas are also discussed. 2003 high-risk areas: Addressing Challenges In Broad-based Transformations; Year designated high-risk: [Empty]. 2003 high-risk areas: * Strategic Human Capital Management[A]; Year designated high-risk: 2001. 2003 high-risk areas: * U.S. Postal Service Transformation Efforts and Long-Term Outlook[A]; Year designated high-risk: 2001. 2003 high-risk areas: * Protecting Information Systems Supporting the Federal Government and the Nation’s Critical Infrastructures; Year designated high-risk: 1997. 2003 high-risk areas: * Implementing and Transforming the New Department of Homeland Security; Year designated high-risk: 2003. 2003 high-risk areas: * Modernizing Federal Disability Programs[A]; Year designated high-risk: 2003. 2003 high-risk areas: * Federal Real Property[A]; Year designated high- risk: 2003. 2003 high-risk areas: Ensuring Major Technology Investments Improve Services; Year designated high-risk: [Empty]. 2003 high-risk areas: * FAA Air Traffic Control Modernization; Year designated high-risk: 1995. 2003 high-risk areas: * IRS Business Systems Modernization; Year designated high-risk: 1995. 2003 high-risk areas: * DOD Systems Modernization; Year designated high-risk: 1995. 2003 high-risk areas: Providing Basic Financial Accountability; Year designated high-risk: [Empty]. 2003 high-risk areas: * DOD Financial Management; Year designated high- risk: 1995. 2003 high-risk areas: * Forest Service Financial Management; Year designated high-risk: 1999. 2003 high-risk areas: * FAA Financial Management; Year designated high- risk: 1999. 2003 high-risk areas: * IRS Financial Management; Year designated high- risk: 1995. 2003 high-risk areas: Reducing Inordinate Program Management Risks; Year designated high-risk: [Empty]. 2003 high-risk areas: * Medicare Program[A]; Year designated high-risk: 1990. 2003 high-risk areas: * Medicaid Program[A]; Year designated high-risk: 2003. 2003 high-risk areas: * Earned Income Credit Noncompliance; Year designated high-risk: 1995. 2003 high-risk areas: * Collection of Unpaid Taxes; Year designated high-risk: 1990. 2003 high-risk areas: * DOD Support Infrastructure Management; Year designated high-risk: 1997. 2003 high-risk areas: * DOD Inventory Management; Year designated high- risk: 1990. 2003 high-risk areas: * HUD Single-Family Mortgage Insurance and Rental Assistance Programs; Year designated high-risk: 1994. 2003 high-risk areas: * Student Financial Aid Programs; Year designated high-risk: 1990. 2003 high-risk areas: Managing Large Procurement Operations More Efficiently; Year designated high-risk: [Empty]. 2003 high-risk areas: * DOD Weapon Systems Acquisition; Year designated high-risk: 1990. 2003 high-risk areas: * DOD Contract Management; Year designated high- risk: 1992. 2003 high-risk areas: * Department of Energy Contract Management; Year designated high-risk: 1990. 2003 high-risk areas: * NASA Contract Management; Year designated high- risk: 1990. [End of table] Source: GAO. [A] Additional authorizing legislation is likely to be required as one element of addressing this high-risk area. Transmittal Letter: Historical Perspective: Overview of Progress in Addressing High-Risk Areas: High-Risk Designations Removed: Progress Being Made in Remaining High-Risk Areas: Progress in Addressing Transformation Challenges: New High-Risk Areas: Adding Three Broad-Based High-Risk Areas: New High-Risk Area Identified Based on Fiscal Oversight Vulnerabilities: Highlights of High-Risk Areas: Performance and Accountability and High-Risk Series: This is a work of the U.S. Government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. It may contain copyrighted graphics, images or other materials. Permission from the copyright holder may be necessary should you wish to reproduce copyrighted materials separately from GAO’s product. Transmittal Letter January 2003: The President of the Senate The Speaker of the House of Representatives: Since 1990, GAO has periodically reported on government operations that it identifies as “high risk.” This effort, which was supported by the Senate Committee on Governmental Affairs and the House Committee on Government Reform, has brought a much needed focus to problems that are impeding effective government and costing the government billions of dollars. To help, GAO has made hundreds of recommendations to improve these high-risk operations. Moreover, GAO’s focus on high-risk problems contributed to the Congress enacting a series of governmentwide reforms to address critical human capital challenges, strengthen financial management, improve information technology practices, and instill a more results-oriented government. GAO’s high-risk status reports are provided at the start of each new Congress. This update should help the Congress and the administration in carrying out their responsibilities while improving government for the benefit of the American people. It summarizes progress made in correcting high-risk problems, actions under way, and further actions that GAO believes are needed. In this update, GAO has determined that sufficient progress has been made to remove the high-risk designation from two areas, and has designated four new areas as high risk. GAO’s high-risk program has increasingly focused on those major programs and operations that need urgent attention and transformation in order to ensure that our national government functions in the most economical, efficient, and effective manner possible. Further, the administration has looked to GAO’s program in shaping governmentwide initiatives such as the President’s Management Agenda, which has at its base many of the areas GAO had previously designated as high risk. As in prior GAO high-risk update reports, federal programs and operations are also emphasized when they are at high risk because of their greater vulnerabilities to fraud, waste, abuse, and mismanagement. The high- risk program has served to bring “light” to these areas as well as “heat” to prompt needed “actions.” This has been clearly evidenced by the many actions that have occurred in connection with strategic human capital management and Postal Service transformation, the two most recent additions to GAO’s high-risk list prior to this update. Copies of this series are being sent to the President, the congressional leadership, other Members of the Congress, the Director of the Office of Management and Budget, and the heads of major departments and agencies. David M. Walker Comptroller General of the United States Signed by David M. Walker: [End of section] Historical Perspective: In 1990, we began a program to report on government operations that we identified as “high risk.” Since then, generally coinciding with the start of each new Congress, we have periodically reported on the status of progress to address high-risk areas and updated our high-risk list. Our previous high-risk update was in January 2001.[Footnote 1] Overall, our high-risk program has served to identify and help resolve serious weaknesses in areas that involve substantial resources and provide critical services to the public. Since our program began, the government has taken high-risk problems seriously and has made long- needed progress toward correcting them. In some cases, progress has been sufficient for us to remove the high-risk designation. The overall changes to our high-risk list over the past 13 years are shown in table 1. Areas removed from the high-risk list over that same period are shown in table 2. Table 1: Overall Changes to GAO’s High-Risk List, 1990 to 2003: Changes 1990-2003: Original high-risk list in 1990; Number of areas: 14. Changes 1990-2003: High-risk areas added since 1990; Number of areas: 24. Changes 1990-2003: High-risk areas removed since 1990; Number of areas: 13. Changes 1990-2003: High-risk list in 2003; Number of areas: 25. [End of table] Source: GAO. Table 2: Areas Removed from GAO’s High-Risk List, 1990 to 2003: Area: Pension Benefit Guaranty Corporation; Year designated high risk: 1990; Year removed: 1995. Area: State Department Management of Overseas Real Property; Year designated high risk: 1990; Year removed: 1995. Area: Federal Transit Administration Grant Management; Year designated high risk: 1990; Year removed: 1995. Area: Bank Insurance Fund; Year designated high risk: 1991; Year removed: 1995. Area: Resolution Trust Corporation; Year designated high risk: 1990; Year removed: 1995. Area: Customs Service Financial Management; Year designated high risk: 1991; Year removed: 1999. Area: The Year 2000 Computing Challenge; Year designated high risk: 1997; Year removed: 2001. Area: The 2000 Census; Year designated high risk: 1997; Year removed: 2001. Area: Superfund Program; Year designated high risk: 1990; Year removed: 2001. Area: Farm Loan Programs; Year designated high risk: 1990; Year removed: 2001. Area: National Weather Service Modernization; Year designated high risk: 1995; Year removed: 2001. Area: Supplemental Security Income; Year designated high risk: 1997; Year removed: 2003. Area: Asset Forfeiture Programs; Year designated high risk: 1990; Year removed: 2003. [End of table] Source: GAO. Seven of the 13 areas removed from the list over the years were among the 14 programs and operations we determined to be high risk at the outset of our efforts to monitor such programs. These results demonstrate that the sustained attention and commitment by the Congress and agencies to resolve serious, long-standing high-risk problems has paid off, as root causes of the government’s exposure for half of our original high-risk list have been successfully addressed. Historically, high-risk areas have involved traditional vulnerabilities due to their greater susceptibility to fraud, waste, abuse, and mismanagement. As our high-risk program has evolved, we have increasingly designated areas as high risk to draw attention to areas associated with the economy, efficiency, effectiveness, and accountability of government programs and operations. Perseverance by the administration is needed in implementing our recommended solutions for addressing these high-risk areas. Continued congressional oversight and, in some cases, additional authorizing legislative action will also be key to achieving progress, particularly in addressing challenges in broad-based transformations. To determine which federal government programs and functions should be designated as high risk, we used our guidance document, Determining Performance and Accountability Challenges and High Risks.[Footnote 2] In determining whether a government program or operation is high risk, we consider whether it involves national significance or a management function that is key to performance and accountability. We also consider whether the risk is: * inherent, which may arise when the nature of a program creates susceptibility to fraud, waste, and abuse; or: * a systemic problem, which may arise when the programmatic; management support; or financial systems, policies, and procedures established by an agency to carry out a program are ineffective, creating a material weakness. Further, we consider qualitative factors, such as whether the risk: * involves public health or safety, service delivery, national security, national defense, economic growth, or privacy or citizens’ rights; or: * could result in significantly impaired service; program failure; public injury or loss of life; or significantly reduced economy, efficiency, or effectiveness. Before making a high-risk designation, we also consider the corrective measures an agency may have planned or under way to resolve a material control weakness and the status and effectiveness of these actions. When legislative and agency actions, including those in response to our recommendations, result in significant progress toward resolving a high-risk problem, we remove the high-risk designation. Key determinants here include a demonstrated strong commitment to and top leadership support for addressing problems, the capacity to do so, a corrective action plan, and demonstrated progress in implementing corrective measures. The next section discusses how we applied these criteria in determining what areas to remove and to add since our last update in January 2001. [End of section] Overview of Progress in Addressing High-Risk Areas: Since our January 2001 report, federal departments and agencies and the Congress have taken additional steps to address areas we designated as high risk. In two cases, progress has been sufficient for the high-risk designation to be removed. For virtually every other high-risk area, important steps have been taken to resolve risks and implement our recommendations, but more needs to be done before these areas can be removed from the high-risk list. Overall, we are impressed with the level of commitment shown by top officials and anticipate continued progress. Importantly, our high-risk program has helped the executive branch and the Congress to galvanize efforts to seek lasting solutions to high- risk problems. For example, our program helped shape the administration’s focus on governmentwide initiatives such as the President’s Management Agenda (PMA), which has at its base many of the areas we had previously designated as being high risk. Moreover, our program has helped draw attention to the need to effectively manage the risks associated with several important broad-based transformations under way in government today, such as those at the Department of Defense (DOD), Internal Revenue Service (IRS), Postal Service, Department of Education, Department of Housing and Urban Development (HUD), and Federal Aviation Administration (FAA), where success will be critical to the nation and its citizens. For 2003, we have designated four new high-risk areas. Three of these involve major challenges in addressing broad-based transformations, or are areas where legislative solutions may be called for. The fourth area, Medicaid, is being added to the high-risk list, in part because of growing concern about inadequate fiscal oversight efforts to prevent inappropriate program spending. Table 3: Changes to GAO’s High-Risk List, 2001 to 2003: Changes 2001-2003: High-risk list in 2001; Number of areas: 23. Changes 2001-2003: High-risk areas added in 2003; Number of areas: 4. Changes 2001-2003: High-risk areas removed in 2003; Number of areas: 2. Changes 2001-2003: High-risk list in 2003; Number of: areas 25. [End of table] Source: GAO. High-Risk Designations Removed: For this 2003 high-risk update, we determined that two high-risk areas warranted removal from the list. They are the Social Security Administration’s (SSA) Supplemental Security Income (SSI) program and the asset forfeiture programs managed by the Departments of Justice and the Treasury. We will, however, continue to monitor these programs, as appropriate, to ensure that the improvements we have noted are sustained. Supplemental Security Income: We designated SSI a high-risk program in 1997, after several years of reporting on specific instances of abuse and mismanagement, increasing overpayments, and poor recovery of outstanding SSI overpayments. SSA’s actions since then included developing a major SSI legislative proposal with numerous overpayment deterrence and recovery provisions. The ensuing enacted legislation directly addressed a number of our prior recommendations and provides SSA with additional tools to obtain applicant income and resource information from financial institutions; imposes a period of ineligibility for applicants who transfer assets to qualify for SSI benefits; and authorizes the use of credit bureaus, private collection agencies, interest levies, and other means to recover overpayments. SSA also obtained separate legislative authority to recover overpayments from former SSI recipients who currently receive Social Security benefits. In addition, SSA initiated a number of internal administrative actions to further strengthen SSI program integrity, including using tax refund offsets for collecting SSI overpayments and more frequent automated matches to identify ineligible SSI recipients living in nursing homes and other institutions. In addition, SSA increased the number of SSI financial redeterminations that it conducted and the level of resources and staff in the Office of Inspector General devoted to investigating SSI fraud and abuse. Finally, SSA revised its field office work credit and measurement system to better reward staff for time spent developing fraud referrals. In fiscal year 2002, SSA increased its collection of overpayments by $150 million over the prior fiscal year. (See our Performance and Accountability report on the Social Security Administration.[Footnote 3]): Asset Forfeiture Programs: We first reported asset forfeiture programs operated by the Departments of Justice and the Treasury as a high-risk area in 1990 because of shortcomings in the management of and accountability for seized and forfeited property and the potential for cost reduction through administrative improvements and consolidation of the programs’ postseizure management and disposition of noncash seized property. We have subsequently reported that actions taken by Treasury’s Customs Service and Justice’s Marshals Service to address our recommendations have improved the management of and accountability for seized and forfeited property. We also reported that Justice’s Drug Enforcement Administration and Federal Bureau of Investigation (FBI) have taken many actions to address our recommendations to improve physical safeguards over drugs and firearms evidence and strengthen accountability for such evidence. In addition, the Treasury Forfeiture Fund and Justice’s Asset Forfeiture Fund and Seized Asset Deposit Fund have strengthened their financial management and accountability over seized and forfeited property, in part evidenced by the unqualified opinions on these entities’ financial statements over the past several years. With respect to consolidating noncash asset management and disposition activities, Treasury and Justice are moving toward sharing Web site locations for Internet sales, sharing selected vehicle storage and warehouse facilities, and exploring opportunities to jointly contract for specific services in high-volume areas. The departments’ substantial progress in improving the management of and accountability for seized and forfeited property, and their demonstrated commitment to communicate and coordinate where joint efforts could help reduce costs and eliminate duplicative activities, are sufficient for us to remove the high-risk designation from asset forfeiture programs. (See our Performance and Accountability reports on the Departments of Justice and the Treasury.[Footnote 4]): Progress Being Made in Remaining High-Risk Areas: For virtually all other areas that remain on our 2003 high-risk list, there has been important progress, although not yet enough progress to remove these areas from the list. Top administration officials have expressed their commitment to maintaining momentum in seeing that high- risk areas receive adequate attention and oversight. A concerted effort by agencies and ongoing attention by the Office of Management and Budget (OMB) is critical, as our experience over the past 13 years has shown that perseverance is required to fully resolve high-risk areas. The Congress, too, will continue to play an important role through its oversight and, where appropriate, through legislative action targeted at the problems and designed to address high-risk areas. Examples of agencies’ progress follow: * DOD has undertaken a number of initiatives to transform its forces and improve its business operations. As part of its transformation process, the Secretary of Defense and senior civilian and military leaders have committed to adopt a capabilities-based approach to planning based on clear goals and to improve the linkage between strategy and investments. At the same time, DOD has embarked on a series of efforts to improve its business processes, including support infrastructure reforms to include base closures, information technology modernization, and logistics reengineering. Further, in acknowledging DOD’s numerous ongoing financial difficulties, the Secretary of Defense has laid out an 8-year plan to reform financial management and accountability and instituted new contract management policies and programs aimed at increasing the importance given to these processes. Although DOD recognizes the need for internal transformation and budget reform, its goals are challenging, and its strategic plan is currently not set up to allow DOD to implement and measure progress toward achieving its performance goals in an integrated fashion. Additionally, DOD has not kept pace with the changing capabilities and productivity of the modern business environment. Effecting departmental transformation also requires cultural transformation and business process reengineering, which take years to accomplish, and a commitment from both the executive and legislative branches of government. (See “Highlights of High-Risk Areas,” p. 28.): * IRS continues to make important progress. For example, IRS (1) has developed and is using a modernization blueprint, commonly called an enterprise architecture, to guide and constrain its systems modernization projects and (2) is investing incrementally in them; both of which are leading practices of successful public-and private-sector organizations. In other actions, IRS has worked aggressively to address financial management issues not solely dependent on systems modernization for resolution and, in 2002, produced reliable annual financial statements (for the third consecutive year) only 6 weeks after the end of the fiscal year. Also, IRS has made progress in revamping both its organizational performance and human capital management systems. It has implemented and used a new strategic planning, budgeting, and performance management process. It has also rolled out a new employee evaluation system designed to align performance expectations and incentives with agencywide strategic goals. Top management has further demonstrated its commitment by taking actions to address other problems. For example, IRS is in various stages of planning and implementing a strategy to improve productivity in collecting taxes, and the Commissioner of Internal Revenue and the Treasury Assistant Secretary for Tax Policy have convened a joint task force to develop recommendations to better administer the earned income credit. However, more needs to be done to address risks associated with the growing scope and complexity of modernization and the internal control weaknesses in IRS’s financial management. Further, concerns remain about trends in the collection of unpaid taxes and the level of earned income credit noncompliance. Finally, IRS needs to continue its efforts to strengthen its approaches to managing its human capital. (See “Highlights of High-Risk Areas,” p. 28.): * The Department of Education has made important progress in, and demonstrated its commitment to, addressing long-standing issues that have made student financial aid programs vulnerable to fraud, waste, abuse, and mismanagement. Education established a team of senior managers to formulate strategies and direct initiatives to address key financial and management problems throughout the agency. Under one financial aid program initiative, names of defaulted borrowers were matched with the Department of Health and Human Services’ National Directory of New Hires database. This resulted in the collection of $269 million in fiscal year 2002 alone. Education has also conducted sample matches of income reported on student aid applications with federal tax returns. Expanding this initiative is contingent upon legislation that would increase IRS’s ability to share information with other agencies. Progress has also been made in other areas. Education’s Office of Federal Student Aid can now better integrate and use its existing data on student loans and grants, and changes have been implemented aimed at strengthening financial management departmentwide. However, additional work is needed to both prevent and collect defaulted student loans and to better demonstrate systems integration progress. Furthermore, it is too soon to determine whether changes made to improve financial management and address internal control weaknesses will prove effective. (See “Highlights of High-Risk Areas,” p. 28.): * HUD continues to work at overcoming weaknesses in its Single-Family Mortgage Insurance and Rental Housing Assistance program areas. HUD’s progress in its single-family insurance programs includes, for example, implementation of new processes to review lenders and appraisers and new incentives to improve the performance of its property disposition contractors. In its rental housing assistance programs, HUD has, among other things, initiated efforts to ensure that rental housing assistance is properly calculated and recipients are eligible, and improved processes to ensure that housing providers comply with the department’s housing quality standards. However, many of HUD’s strategies for resolving its high-risk problems represent new initiatives in the early stages of implementation, and significant problems remain. For example, HUD has not yet fully implemented an assessment system for calculating key financial indicators to determine lenders’ soundness and risk exposure. Further, HUD now estimates that rental assistance overpayments--some $2 billion out of $19 billion in assistance in fiscal year 2000--are greater than previously estimated. (See “Highlights of High-Risk Areas,” p. 28.): FAA is moving to rectify serious, long-standing material weaknesses in its financial management systems. Its new general, property, and cost accounting systems--a departmentwide initiative--are expected to give FAA the ability to produce reliable financial statements that accurately assign costs to its programs and projects and account for the cost of its property. Whether the new accounting system will fully remedy FAA’s financial management deficiencies will not be determined until it is fully implemented and subsequently subjected to a financial statement audit. FAA has also worked to address weaknesses in its Air Traffic Control Modernization efforts. For example, the agency has implemented a framework for improving its software processes, developed a systems architecture, institutionalized cost estimating practices, and improved its investment management practices. However, more needs to be done in each of these areas to achieve needed improvements. (See “Highlights of High-Risk Areas,” p. 28.): Progress in Addressing Transformation Challenges: As part of our move toward focusing on broad-based management challenges, we have designated as high risk key areas where transformation was needed or under way and where legislative action would be helpful. We have seen important progress in three of these areas as well. Strategic Human Capital Management: Since we designated strategic human capital management as a governmentwide high-risk area in January 2001, the Congress and the executive branch have taken a number of steps to address the challenges identified. Among these steps were the following: * In August 2001, the President placed the strategic management of human capital at the top of the President’s Management Agenda (PMA). * OMB began assessing agencies according to standards for success for each part of the PMA, including the strategic management of human capital. The first agency assessment was published in February 2002. Subsequent assessments, published in June and September 2002, reported on both the status and progress of agencies’ efforts in strategic human capital management. * In December 2001, the Office of Personnel Management (OPM) released a human capital scorecard to assist agencies in responding to the human capital standards for success contained in the PMA. * In the fall of 2002, OPM began realigning its organizational structure and appointed four new associate directors with proven human capital expertise to lead federal efforts. * In October 2002, OMB and OPM approved revised standards for success in the human capital area of the PMA, reflecting language developed in collaboration with us. * In November 2002, the Congress passed the Homeland Security Act of 2002, which created the Department of Homeland Security and provided the department with significant flexibility to design a modern human capital management system. This legislation also included additional significant provisions relating to governmentwide human capital management, such as direct hire authority, the ability to use categorical ranking in the hiring of applicants instead of the “rule of three,” the creation of Chief Human Capital Officers (CHCO) positions and a CHCO Council, expanded voluntary early retirement and buy-out authority, a requirement to discuss human capital approaches in Government Performance and Results Act reports and plans, a provision allowing executives to receive their total performance bonus in the year in which it is awarded, and other flexibilities. Although considerable momentum is building and progress has been made over the past 2 years, it remains clear that today’s federal human capital strategies are not yet appropriately constituted to meet current and emerging challenges or to drive needed transformation across the federal government. The basic problem, which continues today, has been the long-standing lack of a consistent strategic approach to marshalling, managing, and maintaining the human capital needed to maximize government performance and assure its accountability. Specifically, agencies across the federal government continue to face challenges in four key areas: * Leadership: Top leadership in the agencies must provide the sustained, committed, and inspired attention needed to address human capital and related organization transformation issues. * Strategic Human Capital Planning: Agencies’ human capital planning efforts need to be more fully and demonstrably integrated with mission and critical program goals. * Acquiring, Developing, and Retaining Talent: Additional efforts are needed to improve recruiting, hiring, professional development, and retention strategies to ensure that agencies have needed talent. * Results-Oriented Organizational Cultures: Agencies continue to lack organizational cultures that promote high performance and accountability, and that empower and include employees in setting and accomplishing programmatic goals. Importantly, although strategic human capital management remains high risk governmentwide, federal employees are not the problem. Rather, the problem is a set of policies that are viewed by many as outdated, over- regulated, and not strategic. Human capital weaknesses in the federal government did not emerge overnight and will not be quickly or easily addressed. Committed, sustained, and inspired leadership and persistent attention on behalf of all interested parties will continue to be essential to build on the progress that has been and is being made, if lasting reforms are to be successfully implemented. Reaching and maintaining a strategic approach to human capital management will take considerable effort on the part of the Congress, agency leadership, OPM, and OMB. Ultimately, the Congress may wish to consider legislative reforms to existing civil service laws. Key questions include the degree to which legislative changes are needed to design a modern human capital management system for the federal government. Although momentum continues to build for comprehensive reform, agencies need to use currently available flexibilities. (See “Highlights of High-Risk Areas,” p. 28.): U.S. Postal Service: In April 2001, we identified the U.S. Postal Service’s transformation efforts and long-term outlook as high risk due to growing financial, operational, and human capital challenges. Since then, these challenges have continued, and the Service has struggled to fulfill its primary mission of providing universal postal service at reasonable rates while remaining self-supporting from postal revenues. The events of September 11, 2001, and subsequent use of the mail to transmit anthrax have introduced new issues related to mail safety and security that also must be addressed. These challenges, as well as the need to address the uncertainty about the Service’s future role, require urgent attention to ensure that the Service will be able to fulfill its mission in the 21st century. In response to our high-risk designation, the Service released its Transformation Plan in April 2002. In this plan, the Service outlined actions it deemed necessary to deal with transformation issues both (1) in the short term, under its current authority and through moderate regulatory and legislative reforms, and (2) in the longer term, through fundamental structural transformation. To achieve its fundamental structural transformation, the Service proposed moving to a Commercial Government Enterprise business model. We reported that the development of the Transformation Plan was a good first step in raising key postal reform issues. Implementing the plan is a new challenge for the Service--in part because consensus has yet to be reached on legislative reforms--and therefore we have now added this implementation to the list of the Service’s major challenges. The other challenges include (1) controlling costs and improving productivity under the Service’s existing authority, (2) addressing unresolved financial issues, (3) developing strategies to address human capital issues, and (4) providing complete and reliable financial and performance information in a timely and transparent manner. Opportunities exist for the Service to address these major management challenges and make further progress in its transformation efforts. For example, the results of a recent financial analysis by OPM may lead to a reduction in the Service’s pension liability and related annual payments if the Congress takes legislative action in this area. This additional “breathing room” could allow the Service to address other financial challenges, such as its outstanding debt, substantial postretirement health obligations, and its capital freeze. The Service also anticipates a large number of upcoming retirements, which would provide an opportunity to realign the Service’s workforce and infrastructure to meet its future operational needs. Committed leadership and sustained attention to addressing the Service’s management challenges will be critical to achieving its transformation. Addressing the Service’s various challenges through comprehensive legislative reform will require consensus among various stakeholders-- something that has been very difficult to achieve, in part because the Service’s numerous stakeholders have divergent needs and concerns. Since 1996, the Congress has considered postal reform legislation many times; however, none of the reform proposals has been passed. More recently, in December 2002, the President established a nine-member Commission on the United States Postal Service to propose a vision for the future of the Postal Service and recommend the legislative and administrative reforms needed to ensure the viability of postal services. The Commission is expected to submit its report to the President by July 31, 2003. (See “Highlights of High-Risk Areas,” p. 28.): Protecting Information Systems Supporting the Federal Government and the Nation’s Critical Infrastructures: We have designated information security as a high-risk area across government since 1997 because of continuing evidence indicating significant, pervasive weaknesses in the controls over computerized federal operations. Moreover, related risks continue to escalate, in part due to the government’s increasing reliance on the Internet and on commercially available information technology. In addition, we continue to report significant information security weaknesses in 24 major federal agencies.[Footnote 5] Since our last high-risk report, efforts to correct information security weaknesses and improve federal information security have accelerated both at individual agencies and at the governmentwide level, including implementing government information security reform legislation enacted by the Congress in October 2000, implementing a related annual reporting process, and developing guidance and tools for agencies to self-assess their information security programs. On December 17, 2002, the Federal Information Security Management Act of 2002 was enacted, to permanently authorize and strengthen the information security program, evaluation, and reporting requirements established by government information security reform legislation. This legislation is an essential step to sustaining agency efforts to identify and correct significant weaknesses. Nonetheless, further information security improvement efforts are needed at the agency level and governmentwide. It is important that these efforts be guided by a comprehensive strategy and that this strategy address certain key issues including: * delineating the roles and responsibilities of the numerous entities involved in federal information security; * providing more specific guidance to agencies on the controls that they need to implement; * having agencies’ performance monitored by the agencies themselves, as well as by the Congress and the executive branch; * providing adequate technical expertise and allocating sufficient resources; and: * expanding research in the area of information systems protection. In our January 2001 high-risk update report, we also began to highlight the increasing importance of the federal government’s efforts to protect our nation’s critical public and private computer-dependent infrastructure (such as national defense, power distribution, and water supply), as outlined in Presidential Decision Directive 63. This year, we are broadening this high-risk issue to highlight the increased importance of protecting the information systems that support these critical infrastructures, referred to as cyber critical infrastructure protection or cyber CIP. Since our 2001 report, terrorist attacks and threats have further underscored the need to manage CIP activities that enhance the security of the cyber and physical public and private infrastructures that are essential to national security, national economic security, and/or national public health and safety. At the federal level, cyber CIP activities are perhaps the most critical component of a department or agency’s overall information security program. Since 2001, a number of significant actions have occurred to better position the nation to protect its critical infrastructures, including the following: * In October 2001, the President established the President’s Critical Infrastructure Protection Board to coordinate cyber-related federal efforts for protecting our nation’s critical infrastructures. * In July 2002, the President and his Office of Homeland Security issued the National Strategy for Homeland Security, which identifies protecting critical infrastructures and intelligence and warning as critical components. * In September 2002, the Protection Board released a comment draft of a National Strategy to Secure Cyberspace. The board issued this draft because the National Strategy for Homeland Security states that the administration will complete cyber and physical infrastructure protection plans to serve as the baseline for a future comprehensive national infrastructure protection plan. * On November 25, 2002, the President signed the Homeland Security Act of 2002, which established the Department of Homeland Security and, within it, the Directorate of Information Analysis and Infrastructure Protection. Although these actions taken are major steps to more effectively protect our nation’s critical infrastructures, further actions are needed to fully address our recommendations concerning CIP challenges, including: * completing a comprehensive and coordinated national CIP strategy, * improving analysis and warning capabilities, and: * improving information sharing on threats and vulnerabilities. (See “Highlights of High-Risk Areas,” p. 28.): [End of section] New High-Risk Areas: Adding Three Broad-Based High-Risk Areas: The new use of the high-risk designation to draw attention to the challenges faced by government programs and operations in need of broad-based transformation has led to important progress. With these positive results in mind, for 2003, we have designated three additional such areas as high risk: implementing and transforming the new Department of Homeland Security (DHS), modernizing federal disability programs, and federal real property. Implementing and Transforming the New Department of Homeland Security: We designated implementation and transformation of the new Department of Homeland Security as high risk based on three factors. First, the implementation and transformation of DHS is an enormous undertaking that will take time to achieve in an effective and efficient manner. Second, components to be merged into DHS already face a wide array of existing challenges. Finally, failure to effectively carry out its mission would expose the nation to potentially very serious consequences. In the aftermath of September 11, invigorating the nation’s homeland security missions has become one of the federal government’s most significant challenges. DHS, with an anticipated budget of almost $40 billion and an estimated 170,000 employees, will be the third largest government agency; not since the creation of DOD more than 50 years ago has the government sought an integration and transformation of this magnitude. In DOD’s case, the effective transformation took many years to achieve, and even today, the department continues to face enduring management challenges and high-risk areas that are, in part, legacies of its unfinished integration. Effectively implementing and transforming DHS may be an even more daunting challenge. DOD at least was formed almost entirely from agencies whose principal mission was national defense. DHS will combine 22 agencies specializing in various disciplines: law enforcement, border security, biological research, disaster mitigation, and computer security, for instance. Further, DHS will oversee a number of non- homeland-security activities, such as Coast Guard’s marine safety responsibilities and the Federal Emergency Management Agency’s (FEMA) natural disaster response functions. Yet only in the effective integration and collaboration of these entities will the nation achieve the synergy that can help provide better security against terrorism. The magnitude of the responsibilities, combined with the challenge and complexity of the transformation, underscores the perseverance and dedication that will be required of all DHS’s leaders, employees, and stakeholders to achieve success. Further, it is well recognized that mergers of this magnitude in the public and private sector carry significant risks, including lost productivity and inefficiencies. Generally, successful transformations of large organizations, even those undertaking less strenuous reorganizations and with less pressure for immediate results, can take from 5 to 7 years to achieve. Necessary management capacity and oversight mechanisms must be established. Moreover, critical aspects of DHS’s success will depend on well-functioning relationships with third parties that will take time to establish and maintain, including those with state and local governments, the private sector, and other federal agencies with homeland security responsibilities, such as the Department of State, the FBI and the Central Intelligence Agency, DOD, and the Department of Health and Human Services (HHS). Creating and maintaining a structure that can leverage partners and stakeholders will be necessary to effectively implement the national homeland security strategy. The new department is also being formed from components with a wide array of existing major management challenges and program risks. For instance, one DHS directorate’s responsibility includes the protection of critical information systems that we already consider a high risk. In fact, many of the major components merging into the new department, including the Immigration and Naturalization Service (INS), the Transportation Security Administration (TSA), Customs Service, FEMA, and the Coast Guard, face at least one major problem, such as strategic human capital risks, critical information technology challenges, or financial management vulnerabilities; they also confront an array of challenges and risks to program operations. For example, TSA has had considerable challenges in meeting deadlines for screening baggage, and the agency has focused most of its initial security efforts on aviation security, with less attention to other modes of transportation. INS has had difficulty in tracking aliens due to unreliable address information. Customs must meet challenges from the potential threats of weapons of mass destruction smuggled in cargo arriving at U.S. ports, and the Coast Guard faces the challenges inherent in a massive fleet modernization. DHS’s national security mission is of such importance that the failure to address its management challenges and programs risks could have serious consequences on our intergovernmental system, our citizens’ health and safety, and our economy. Overall, our designation of the implementation and transformation of DHS as a high-risk area stems from the importance of its mission and the nation’s reliance on the department’s effectiveness in meeting its challenges for protecting the country against terrorism. (See “Highlights of High-Risk Areas,” p. 28.): Modernizing Federal Disability Programs: This new high-risk area encompasses a range of federal disability programs. Federal disability programs have experienced significant growth over the past decade and are expected to grow even more steeply as more baby boomers reach their disability-prone years. In particular, SSA and the Department of Veterans Affairs (VA) oversee five major disability programs providing cash assistance to individuals with physical or mental conditions that reduced their earnings capacity, collectively paying more than $100 billion in cash benefits to more than 13 million beneficiaries in 2001.[Footnote 6] In recent years, scientific advances and economic and social changes, paradoxically, have redefined the relationship between impairments and work. Advances in medicine and technology have reduced the severity of some medical conditions and have allowed individuals to live with greater independence and function in work settings. Moreover, the nature of work has changed in recent decades as the national economy has moved away from manufacturing-based jobs to service-and knowledge-based employment. Yet federal disability programs remain mired in concepts from the past and are poorly positioned to provide meaningful and timely support for Americans with disabilities. Indeed, SSA and VA are struggling to provide accurate, timely, and consistent disability decisions to program applicants. We have added modernizing federal disability programs to our 2003 high-risk list based on the following concerns. Federal disability programs are grounded in outmoded concepts. Despite opportunities afforded by medical and technological advancements and the growing expectations that people with disabilities can and want to work, federal disability programs remain grounded in an approach that equates medical conditions with the incapacity to work. The legislation for SSA’s and VA’s disability programs requires that the assessment of eligibility be based on the presence of medically determinable physical and mental impairments. However, these assessments do not always reflect recent medical and technological advances and their impact on medical conditions that affect the ability to work. Likewise, the criteria used to assess disability have not incorporated changes in the labor market that have affected the skills needed to perform work and the settings in which work occurs. By using outdated information, the agencies risk overcompensating some individuals while undercompensating or denying compensation entirely to others. While relying upon outmoded assumptions about impairment and work, the agencies have experienced difficulty in managing disability programs. In spite of years of efforts to improve the management of their disability programs, both SSA and VA continue to face significant challenges. The processes these agencies use to determine disability adversely affect each agency’s ability to efficiently, equitably, and effectively serve their beneficiaries. Both SSA and VA have experienced increasing processing times for disability claims over the past several years, with claimants waiting more than 4 months for an initial decision and for more than 1 year for a decision on appeal of a denied claim. Although SSA has recently implemented several short-term initiatives not requiring statutory or regulatory changes to reduce processing times, it is still evaluating strategies for longer-term solutions. VA has demonstrated some recent progress based on newly implemented initiatives, but the agency is far from achieving its own goals for timeliness. The inconsistencies in disability decisions across adjudicative levels and locations in both agencies have raised questions about the fairness, integrity, and cost of these programs. Although both agencies have taken steps to provide training and enhance communication to improve the consistency of decisions, variations in allowances rates continue and a significant number of denied claims are still awarded on appeal. In addition, both SSA and VA have experienced challenges with implementing effective quality assurance systems. After failing in its attempts since 1994 to redesign a more comprehensive quality assurance system, SSA has recently begun a new quality management initiative. VA has taken a number of recent actions to correct problems with its quality assurance system and its measure of decision accuracy in 2002 has shown improvement. However, it is still well below the agency’s strategic goal for accuracy. Both SSA and VA lack comprehensive plans for addressing program growth. For example, between 1991 and 2001, the number of beneficiaries and their family members receiving Disability Insurance (DI) benefits, the largest of the five disability programs administered by SSA and VA, increased from 4.5 million to 6.9 million, as total cash benefits increased more than 70 percent (in 2001 dollars) during this time period to nearly $60 billion. By 2010, SSA expects that the number of DI beneficiaries and their eligible family members will increase by more than one-third over 2001 levels. (See figure 1.) Similarly, VA expects the number and complexity of its disability claims to increase due to veterans’ increased awareness of service-connected disabilities and recent legislative changes. Likewise, the disability rolls have been increasingly characterized by conditions that result in extended entitlement periods. Mental impairments and musculoskeletal conditions--conditions that people can survive with for decades--are currently more common qualifying conditions for people receiving benefits than in years past. However, SSA and VA have not sufficiently prepared for this growth and need specific plans for addressing future disability needs. Figure 1: Growth in DI Beneficiaries: [See PDF for image] Note: Figures after 2001 are estimates based on the intermediate assumptions of the Trustees of the Social Security trust funds. [End of figure] SSA also faces the challenge of supporting disability beneficiaries’ return to work. SSA has experienced limited success in doing so, in spite of changes in medicine, technology, society, and the nature of work, all of which have increased the potential for some people with disabilities to return to the labor force. Although SSA has taken a number of actions to improve its return-to-work practices, the agency still needs to develop, as we have recommended, a comprehensive return- to-work strategy that focuses at the outset on an evaluation of what is needed for an individual to return to work. Given the projected slowdown in the growth of the nation’s labor force, it is imperative that those who can work are supported in their efforts to do so. Developing comprehensive and sustainable solutions to the problems facing federal disability programs in the 21ST century will require agencies to significantly broaden their current efforts. Indeed, no single agency has the span of authority to fully address the issues involved. Although some solutions can be developed and implemented within the regulatory process, others will require legislative action. Fundamentally, agencies’ efforts need to be marked by consultation and cooperation with the legislative branch and by cross-agency cooperation. Success in improving operations and key outcomes--such as increased employment--will involve partnerships with agencies such as the Department of Labor, the Department of Education, HHS, and perhaps between SSA and VA themselves. (See “Highlights of High-Risk Areas,” p. 28.): Federal Real Property: Over 30 federal agencies control hundreds of thousands of real property assets--including both facilities and land--in the United States and abroad. These assets are worth about $328 billion, according to the fiscal year 2001 financial statements of the U.S. government.[Footnote 7] Unfortunately, much of this vast and valuable asset portfolio presents significant management challenges and reflects an infrastructure based on the business model and technological environment of the 1950s. Many assets are no longer effectively aligned with, or responsive to, agencies’ changing missions and are therefore no longer needed. Furthermore, many assets are in an alarming state of deterioration; restoration and repair needs are estimated by agencies to be in the tens of billions of dollars. For example, the Department of the Interior has a deferred maintenance backlog that its Inspector General estimated in April 2002 to be as much as $8 billion to $11 billion, and General Services Administration (GSA) data has shown a $5.7 billion repair and maintenance backlog in its buildings. Compounding these problems are the lack of reliable governmentwide data for strategic asset management, a heavy reliance on costly leasing instead of ownership to meet new space needs, and the cost and challenge of protecting these assets against potential terrorism. To address these challenges, the Congress and the administration have undertaken several efforts, including Defense Base Realignment and Closures Commissions and the President’s Commission to Study Capital Budgeting. In addition, the Congress, OMB, and GSA have also recognized the need for and developed legislative proposals in recent years that were designed to address some of the problems. Although some of these efforts and other work by individual real-property-holding agencies have had some success, much remains to be done governmentwide. In most cases, the effectiveness of current and planned initiatives has yet to be determined. Despite these efforts and the sincerity with which the federal real property community has embraced the need for reform, the problems have persisted and have been exacerbated by competing stakeholder interests in real property decisions, various legal and budget-related disincentives to achieving businesslike outcomes, the need for better capital planning among real-property-holding agencies, and the lack of a strategic governmentwide focus on federal real property issues. Given the persistence of these problems and the various obstacles that have impeded progress in resolving them, we are designating federal real property as a new high-risk area. Resolving these long-standing problems will require high-level attention and effective leadership by the Congress and the administration. Also, because of the breadth and complexity of the issues involved, the long-standing nature of the problems, and the intense debate about potential solutions that will likely ensue, current structures and processes may not be adequate to address the problems. Given this, there is a need for a comprehensive and integrated transformation strategy for federal real property, and an independent commission or governmentwide task force may be needed to develop this strategy. Such a strategy could be based on input from agencies, the private sector, and other interested groups. The strategy should also reflect the lessons learned and leading practices of public and private organizations that have attempted to reform their real property practices. These organizations have recognized that real property, like capital, people, technology, and information, is a valuable resource that, if managed well, can support the accomplishment of their missions and the achievement of their business objectives. In addition, as these organizations are recognizing, the workplace of the future will differ from today’s work environment. For the federal government, technological advancements, electronic government, flexible workplace arrangements, changing public needs, opportunities for resource sharing, and security concerns will call for a new way of thinking about the federal workplace and the government’s real property needs. Realigning the government’s real property assets with agency missions, taking into account the requirements of the future federal role and workplace, will be critical to improving the government’s performance and ensuring accountability within expected resource limits. If actions resulting from the transformation strategy comprehensively address the problems and are effectively implemented, agencies will be better positioned to recover asset values, reduce operating costs, improve facility conditions, enhance safety and security, and achieve mission effectiveness. (See “Highlights of High- Risk Areas,” p. 28.): New High-Risk Area Identified Based on Fiscal Oversight Vulnerabilities: In addition to our expanded focus on challenges associated with the economy, efficiency, and effectiveness of government programs and operations in need of broad-based transformation, we will continue to identify high-risk areas based on the more traditional focus on fraud, waste, abuse, and mismanagement. For such problems, our focus will continue to be on identifying the root causes behind the vulnerabilities, as well as actions needed on the part of the agencies involved and, if appropriate, the Congress. For this update, we have designated one such new high-risk area. Medicaid Program: Growing concern about the size, growth, and fiscal oversight of the Medicaid program has led us to include the program on our 2003 high- risk list. Medicaid pays for both acute health care and long-term care services for over 44 million low-income Americans and is the third largest social program in the federal budget (after Social Security and Medicare). Financed jointly by the federal government and the states, Medicaid consists of more than 50 distinct “state” programs that together cost $228 billion in fiscal year 2001, accounts for more than 20 percent of states’ total expenditures, and is projected to double in spending in a decade. The federal government pays from half to more than three-fourths of each state’s Medicaid expenditures. The Centers for Medicare & Medicaid Services (CMS) faces major challenges in managing this program of vast size, growth, and diversity. Protecting the program’s fiscal integrity is critically important. It is especially challenging because the federal government’s financial liability for the Medicaid program is linked to reported state expenditures. Our work in recent years finds that federal and state oversight efforts have often been inadequate to prevent inappropriate spending, thereby increasing federal spending unnecessarily. Over the last decade, for example, some states have found ways to inappropriately leverage federal funds. Although CMS and the Congress have acted to curb certain financing schemes, states have found new statutory and regulatory loopholes to create the illusion that they have made large Medicaid payments to certain health care providers in order to generate excessive federal matching payments. Some of the schemes have cost the federal government several billions of dollars each year. We are also concerned that states’ receipt of waivers--where the Secretary of HHS waives certain statutory provisions and allows testing of new health care delivery and coverage ideas--may continue to increase the federal government’s financial liability beyond what it would have been without the waivers.[Footnote 8] For example, two states’ waivers approved in 2002 are estimated to cost the federal government an extra $330 million or more than it would have paid in the absence of the waivers. HHS is currently considering approval of similar waivers by additional states. Another area of concern involves federal and state efforts to ensure that payments are accurate and appropriate. Like other health care payers, Medicaid is vulnerable to waste, fraud, and abuse by providers who submit inappropriate claims. The hundreds of millions of dollars in improper payments that a few states have identified in recent years suggests that states have the potential for considerable savings through increased efforts to safeguard program payments. The exploitation of Medicaid not only penalizes taxpayers, but also jeopardizes the viability of a program that over 44 million low-income Americans depend on for essential health and long-term care services. To better protect Medicaid dollars, CMS must take the steps needed to strengthen federal and state fiscal oversight to ensure that the federal government pays only its valid share of proper program expenditures. (See “Highlights of High-Risk Areas,” p. 28.): [End of section] Highlights of High-Risk Areas: Overall, the government continues to take high-risk problems seriously and is making long-needed progress toward correcting them. The Congress has also acted to address several individual high-risk areas through hearings and legislation. Continued perseverance in addressing high- risk areas will ultimately yield significant benefits. Lasting solutions to high-risk problems offers the potential to save billions of dollars, dramatically improve service to the American public, strengthen public confidence and trust in the performance and accountability of our national government, and ensure the ability of government to deliver on its promises. We have prepared highlights of each of the 25 current high-risk areas showing (1) why the area is high risk, (2) the actions that have been taken and that are under way to address the problem since our last update report and the issues that are yet to be resolved, and (3) what remains to be done to address the risk. These highlights are presented on the following pages. Also, comprehensive discussions of 22 of the high-risk areas are included in the relevant department or agency report in the accompanying special GAO series entitled the Performance and Accountability Series: Major Management Challenges and Program Risks. The individual high-risk area highlights provide a link to the relevant reports in this series. Comprehensive discussions of the 3 crosscutting high-risk areas--strategic human capital management, protecting information systems supporting the federal government and the nation’s critical infrastructures, and federal real property--are presented in separate reports as part of this series. GAO Highlights: High-Risk Series High-Risk Series Strategic Human Capital Management: Highlights of a high-risk area discussed in the GAO report entitled High-Risk Series: Strategic Human Capital Management (GAO-03-120) Why Area is High Risk: In its January 2001 High-Risk Update (GAO-01-263), GAO designated strategic human capital management as a governmentwide high-risk area. The basic problem, which continues today, has been the long-standing lack of a consistent strategic approach to marshaling, managing, and maintaining the human capital needed to maximize government performance and assure its accountability. This report is part of a special series of reports on governmentwide and agency-specific challenges. What GAO Found: Leading public organizations here and abroad have found that strategic human capital management must be the centerpiece of any serious change management initiative and efforts to transform the cultures of government agencies. Unfortunately, the federal government’s strategic human capital approaches are not yet well positioned to enable the needed transformation. Since we designated strategic human capital management as a governmentwide high-risk area in January 2001, Congress has taken a number of steps to address the challenges identified, including granting agencies significant new authorities for managing their human capital as part of the Homeland Security Act of 2002. The strategic management of human capital was also placed at the top of the President’s Management Agenda. Individual agencies have also taken action to address their specific challenges. Despite the considerable progress over the past 2 years, it remains clear that today’s federal human capital strategies are not appropriately constituted to meet current and emerging challenges or to drive the needed transformation across the federal government. Specifically, agencies continue to face challenges in four key areas: *Leadership: Top leadership in the agencies must provide the committed and inspired attention needed to address human capital and related organization transformation issues. Strategic Human Capital Planning: Agencies’ human capital planning efforts need to be more fully and demonstrably integrated with mission and critical program goals. Acquiring, Developing, and Retaining Talent: Additional efforts are needed to improve recruiting, hiring, professional development, and retention strategies to ensure that agencies have the needed talent. Results-Oriented Organizational Cultures: Agencies continue to lack organizational cultures that promote high performance and accountability and empower and include employees in setting and accomplishing programmatic goals. Importantly, although strategic human capital management remains high – risk governmentwide, federal employees are not the problem. Rather, the problem is a set of policies and practices that are not strategic, and viewed by many as outdated and over-regulated. In the final analysis, modern, effective, and credible human capital strategies will be essential in order to maximize the performance and assure the accountability of the government for the benefit of the American people. What Remains to be Done: Reaching and maintaining an approach to human capital management that is strategic will take considerable effort from the Congress, agencies, the Office of Personnel Management, and the Office of Management and Budget. Ultimately, Congress will need to consider additional legislative reforms to existing civil service laws. While momentum continues to build for comprehensive civil service reform, agencies need to use currently available flexibilities to recruit, hire, develop, retain, and hold employees accountable for mission accomplishment. www.gao.gov/cgi-bin/getrpt?GAO-03-120. For additional information about this high-risk area, click on the link above or contact J. Christopher Mihm at (202) 512-6806 or mihmj@gao.gov. [End of section] GAO Highlights: High-Risk Series High-Risk Series U.S. Postal Service: Transformation Efforts and Long-Term Outlook: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the U.S. Postal Service (GAO-03-118) Why Area is High Risk: In April 2001, GAO designated the U.S. Postal Service’s (the Service) transformation and long-term outlook as high risk because of growing financial and operational difficulties, including the following: The fiscal year 2001 outlook changed from a $480 million to a $2 billion–$3 billion deficit. Growth in expenses outpaced the growth in revenues. Capital spending was deferred. Weakened cash flow increased borrowing pressures, as debt levels approached the statutory borrowing limit. Also, human capital issues, such as the wave of impending retirements, performance-based compensation, and labor-management relations, needed to be addressed. What GAO Found: The Service’s current business model, which relies on increasing mail volumes to mitigate rate increases and cover costs, is at risk as competition and technological alternatives increase. In fiscal years 2001 and 2002, despite multiple rate increases and cost-cutting efforts, the Service incurred large deficits as total mail volume declined. The figure below shows that mail volume growth for First-Class Mail and Standard Mail—mail classes that generate over three-fourths of the Service’s revenue—has been slowing. Growth in Key Mail Classes Is Slowing [See PDF for image] [End of figure] Other major challenges facing the Service include: Long-standing difficulty in cutting costs, particularly related to its workforce and infrastructure, and in sustaining productivity gains; Unknown safety and security needs; Cash flow from operations that is insufficient to fund capital expenditures and reduce borrowing pressure; Liabilities that continue to exceed assets, and postretirement health obligations that are growing; Succession planning for the large number of upcoming retirements. To address its high-risk designation, the Service issued its Transformation Plan (the Plan) in April 2002. The Plan outlined steps to guide it in carrying out its future mission and proposed a new business model to achieve its long-term transformation. The Plan was a good first step; however, concerns remain about its full implementation, as no consensus has been reached on the Service’s future. Effective leadership and sustained attention by the Service will be key to effectively carrying out its transformation. Opportunities exist (for example, the upcoming retirements) for the Service and its leadership to address these challenges. A recent analysis may lead to a significant reduction in its pension liability, which would improve the Service’s financial outlook and allow it to address other financial challenges and align its workforce and infrastructure to meet future needs. What Remains to Be Done: GAO believes the Service should: Work with Congress, the Presidential Commission, and stakeholders to implement its Plan, including legislation to address issues related to its mission and role for the 21st century; governance structure; accountability mechanisms; and human capital matters. Develop strategies to align its infrastructure and workforce to support its business model; Continue efforts to cut costs and improve productivity; and Address long-term financial concerns, such as outstanding debt and postretirement health obligations. www.gao.gov/cgi-bin/getrpt?GAO-03-118 For additional information about this high-risk area, click on the link above or contact Bernard L. Ungar at (202) 512-2834 or ungarb@gao.gov. [End of section] GAO Highlights: High-Risk Series Protecting Information Systems Supporting the Federal Government and the Nation’s Critical Infrastructures: Highlights of a high-risk area discussed later in this report (GAO-03-121) Why Area is High Risk: Since GAO designated computer security in the federal government as high risk in 1997, evidence of pervasive weaknesses has been continuing. Also, related risks have been escalating, in part because of the dramatic increases in computer interconnectivity and increasing dependence on computers to support critical operations and infrastructures, such as power distribution, water supply, national defense, and emergency services. This year, GAO expanded this high risk area to include protecting the information systems that support our nation’s critical infrastructures, referred to as cyber critical infrastructure protection or cyber CIP. Among other reasons for designating cyber CIP high risk is that terrorist groups and others have stated their intentions of attacking our critical infrastructures, and failing to protect these infrastructures could adversely affect our national security, economic security, and/or public health and safety. What GAO Found: Since January 2001, efforts to improve federal information security have accelerated at individual agencies and at the governmentwide level. For example, implementation of Government Information Security Reform legislation (GISRA) enacted by the Congress in October 2000 was a significant step in improving federal agencies’ information security programs and addressing their serious, pervasive information security weaknesses. In Implementing GISRA, agencies have noted benefits, including increased management attention to and accountability for information security. Although improvements are under way, recent audits of 24 of the largest federal agencies continue to identify significant information security weaknesses that put critical federal operations and assets in each of these agencies at risk (see figure below). Over the years, various working groups have been formed, special reports written, federal policies issued, and organizations created to address the nation’s critical infrastructure challenges. In 1998, the President issued Presidential Decision Directive 63 (PDD 63), which described a strategy for cooperative efforts by government and the private sector to protect the physical and cyber-based systems essential to the minimum operations of the economy and the government. To accomplish its goals, PDD 63 designated and established organizations to provide central coordination and support. This directive has since been supplemented by Executive Order 13231, which established the President’s Critical Infrastructure Protection Board and the President’s National Strategy for Homeland Security. While the actions taken to date are major steps to more effectively protect our nation’s critical infrastructures, GAO has made numerous recommendations over the last several years concerning CIP challenges. In response to these challenges, improvements have been made and efforts are in progress, but more work is needed to address them. Information Security Weaknesses at 24 Major Agencies [See PDF for image] [End of figure] What Remains to Be Done: Among other actions essential to sustaining federal information security improvements are the agencies’ development of effective risk management programs and the development of a comprehensive strategy to guide agencies’ efforts. Further actions to improve CIP include developing a national CIP strategy and improving analysis and warning capabilities and information sharing on threats and vulnerabilities. www.gao.gov/cgi-bin/getrpt?GAO-03-121. For additional information about this high-risk area, click on the link above or contact Robert F. Dacey at (202) 512-3317 or daceyr@gao.gov. [End of section] GAO Highlights: High-Risk Series Implementing and Transforming the New Department of Homeland Security: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Homeland Security (GAO-03-102) Why Area is High Risk: GAO has designated implementing and transforming the new Department of Homeland Security (DHS) as a high risk area for three reasons. First, the implementation and transformation of DHS is an enormous undertaking that will take time to achieve in an effective and efficient manner. Second, components being merged into DHS already face a wide array of existing challenges. Finally, failure to effectively carry out its mission exposes the nation to potentially very serious consequences. What GAO Found: Effectively implementing and transforming the Department of Homeland Security will be a daunting challenge. The Department will combine 22 agencies with an estimated 170,000 employees specializing in various disciplines: law enforcement, border security, biological research, disaster mitigation, and computer security, for instance. Further, DHS will oversee a number of non-homeland security activities, such as the Coast Guard’s marine safety responsibilities and the Federal Emergency Management Agency’s (FEMA) natural disaster response functions. Yet, only in the effective integration and collaboration of these entities will the nation achieve the synergy that can help provide better security. The magnitude of the responsibilities, combined with the challenge and complexity of the transformation, underscore the perseverance and dedication that will be needed from DHS’s leaders, employees, and stakeholders to achieve success. It is well recognized that mergers of this magnitude in the public and private sector carry significant risks, including lost productivity and inefficiencies. Generally, successful transformations of large organizations, even those undertaking less strenuous reorganizations and with less pressure for immediate results, can take from 5 to 7 years to achieve. Necessary management capacity and oversight mechanisms must be established. Moreover, critical aspects of DHS’s success will depend on well-functioning relationships with third parties that will take time to establish and maintain, including those with states and local governments, the private sector, and other federal agencies with homeland security responsibilities, such as the State Department, the Federal Bureau of Investigation, the Central Intelligence Agency, the Defense Department, the Transportation Department, and the Department of Health and Human Services. Creating and maintaining a structure that can leverage partners and stakeholders will be needed to effectively implement the national homeland security strategy. The new department also is being formed from components with a wide array of existing major management challenges and program risks. For instance, one DHS directorate’s responsibility includes the protection of critical information systems that GAO already considers a high risk. In fact, many of the major components merging into the new department— including the Immigration and Naturalization Service, the Transportation Security Administration, Customs Service, FEMA, and the Coast Guard—face at least one major problem, such as strategic human capital risks, information management technology challenges, or financial management vulnerabilities; they also confront an array of program operations challenges and risks. DHS’s national security mission is of such importance that the failure to effectively address its management challenges and program risks could have serious consequences on our intergovernmental system, our citizens’ health and safety, and our economy. What Needs to Be Done: The long-term solution to this high risk area necessitates that DHS effectively integrate the 22 incoming agencies and nearly $40 billion budget in order to achieve the synergy for providing better security against terrorism. Necessary management capacity, priority setting, and oversight mechanisms must be established to cope with inherent risks associated with major mergers. In addition, creating and maintaining a structure that can leverage partners and stakeholders will be essential to effectively implementing the national homeland security strategy. Finally, DHS must confront a wide array of existing major management challenges and program risks in its incoming agencies to ensure success. www.gao.gov/cgi-bin/getrpt?GAO-03-102. For additional information about this high-risk area, click on the link above or contact Randall Yim at (202) 512-3580 or yimr@gao.gov, or Patricia Dalton at (202) 512-6806 or daltonp@gao.gov. [End of Section] GAO Highlights: High-Risk Series Modernizing Federal Disability Programs: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Social Security Administration (GAO-03-117) and the Department of Veterans Affairs (GAO-03-110) Why Area is High Risk: Disability programs have been growing and are poised to grow even more rapidly as more baby boomers reach their disability prone years. This growth is taking place despite greater opportunities for people with disabilities to work. Moreover, this growth is occurring at the same time that agencies such as the Social Security Administration (SSA) and the Department of Veterans Affairs (VA) are struggling to provide timely and consistent disability decisions. While the agencies are taking some actions to address these problems in the short term, longer-term solutions are likely to require fundamental changes including legislative action. What GAO Found: GAO’s work examining the challenges facing federal disability programs has found that these programs are not well positioned to provide meaningful and timely support for Americans with disabilities. In particular, SSA’s and VA’s programs are based on concepts from the past. These outdated concepts persist despite scientific advances and economic and social changes that have redefined the relationship between impairments and the ability to work. Advances in medicine and technology have reduced the severity of some medical conditions and have allowed individuals to live with greater independence and function in work settings. Moreover, the nature of work has changed as the national economy has become increasingly knowledge-based. At the same time, the projected slowdown in growth of the nation’s labor force makes it imperative that those who can work are supported in their efforts to do so. Beyond these outmoded design issues, the agencies also face longstanding challenges to improve the quality and timeliness of disability decisions. As the result of this work, GAO has added modernizing federal disability programs to its 2003 high-risk list based on the following concerns: SSA and VA Programs Remain Grounded in Outmoded Concepts of Disability. Disability criteria have not been updated to reflect the current state of science, medicine, technology and labor market conditions. As a result, both agencies need to reexamine the medical and vocational criteria they use to determine whether individuals are eligible for benefits. Using outdated information, the agencies risk overcompensating some individuals while undercompensating or denying compensation entirely to others. Agencies Have Difficulties Managing Disability Programs. Both SSA and VA have experienced (1) lengthy processing times for disability claims, (2) inconsistencies in disability decisions across adjudicative levels and locations, and (3) challenges with implementing effective quality assurance systems. The agencies have made some progress addressing some of these challenges, but much more work needs to be done. Agencies Need Adequate Plans for Addressing Program Growth. Between 1991 and 2001, the SSA Disability Insurance rolls increased by more than 50 percent and growth is expected to continue. Similarly, VA expects the number of its disability claims to increase. However, SSA and VA have not sufficiently prepared for this growth and will need specific plans for addressing future disability needs. Developing effective and sustainable solutions to problems facing federal disability programs will require consultation and cooperation between the executive and legislative branches as well as cross-agency efforts, and will likely require statutory as well as regulatory and management actions. What Remains to Be Done: GAO believes that SSA and VA should take the lead in examining the fundamental causes of program problems such as outmoded disability criteria and seek both management and legislative solutions as appropriate to bring their programs in line with the current state of science, medicine, technology and labor market conditions. At the same time, these agencies should continue to develop and implement strategies for improving the accuracy, timeliness, and consistency of disability decision- making. Further, both agencies should pursue more effective quality assurance systems. www.gao.gov/cgi-bin/getrpt?GAO-03-117. www.gao.gov/cgi-bin/getrpt?GAO-03-110. For additional information about this high-risk area, click on the link above or contact Robert E. Robertson (SSA programs) at (202) 512-7215 or robertsonr@gao.gov or Cynthia Bascetta (VA programs) at (202) 512-7101 or bascettac@gao.gov. [End of section] GAO Highlights: High-Risk Series Federal Real Property: Highlights of a high-risk area discussed in the GAO report entitled High-Risk Series: Federal Real Property (GAO-03-122) Why Area is High Risk: Long-standing problems with excess and underutilized real property, deteriorating facilities, unreliable real property data, and costly space challenges are shared by several agencies. These factors have multibillion-dollar cost implications and can seriously jeopardize mission accomplishment. Federal agencies face many challenges securing real property due to the threat of terrorism. What GAO Found: Over 30 agencies control hundreds of thousands of real property assets worldwide, including facilities and land, which are worth hundreds of billions of dollars. Unfortunately, much of this vast, valuable portfolio reflects an infrastructure based on the business model and technological environment of the 1950s. Many of the assets are no longer effectively aligned with, or responsive to, agencies’ changing missions and are therefore no longer needed. Further, many assets are in an alarming state of deterioration; agencies have estimated restoration and repair needs to be in the tens of billions of dollars. Compounding these problems are the lack of reliable governmentwide data for strategic asset management, a heavy reliance on costly leasing instead of ownership to meet new needs, and the cost and challenge of protecting these assets against potential terrorism. To address these challenges, Congress and the administration have undertaken several efforts, including Defense Base Realignment and Closures Commissions, the President’s Commission to Study Capital Budgeting, and various legislative initiatives. While some of these efforts and other work by individual real property-holding agencies have had some success, much remains to be done governmentwide. Furthermore, despite these efforts, the problems have persisted and have been exacerbated by competing stakeholder interests in real property decisions; various legal and budget-related disincentives to businesslike outcomes; the need for better capital planning among agencies; and the lack of a strategic, governmentwide focus on real property issues. Given the persistence of the problems and related obstacles, we have added federal real property as a new high-risk area. Resolving these problems will require high-level attention and effective leadership by both Congress and the administration. Also, because of the breadth and complexity of the issues, the long-standing nature of the problems, and the intense debate that will likely ensue, current structures and processes may not be adequate to address the problems. Thus, there is a need for a comprehensive, integrated transformation strategy for real property. Realigning the government’s real property, taking into account future workplace needs, will be critical to improving the government’s performance and ensuring accountability within expected resource limits. [See PDF for image] [End of figure] What Remains to Be Done: There is a need for a comprehensive and integrated real property transformation strategy that could identify how best to realign and rationalize federal real property and dispose of unneeded assets; address significant real property repair and restoration needs; develop reliable, useful real property data; resolve the problem of heavy reliance on costly leasing; and minimize the impact of terrorism on real property. An independent commission or governmentwide task force may be needed to develop this strategy. If resulting actions address the problems and are effectively implemented, agencies will be better able to recover asset values, reduce operating costs, improve facility conditions, enhance safety and security, and achieve mission effectiveness. www.gao.gov/cgi-bin/getrpt?GAO-03-122. For additional information about this high-risk area, click on the link above or contact John H. Anderson, Jr. at (202) 512-2834 or AndersonJ@gao.gov. [End of figure] GAO Highlights: High-Risk Series Federal Aviation Administration Air Traffic Control Modernization: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Transportation (GAO-03-108) Why Area is High Risk: After 2 decades and $35 billion, FAA’s air traffic control modernization program is far from complete. While FAA has made important progress in addressing weaknesses that GAO identified, more remains to be done. In the meantime, major FAA projects continue to face challenges that could affect the agency’s ability to meet cost, schedule, and/or performance expectations. Key projects include the Standard Terminal Automation Replacement System, Next-Generation Air/Ground Communications System, and Wide Area Augmentation System. What GAO Found: Faced with growing air traffic and aging equipment, in 1981 FAA initiated an ambitious effort to modernize its air traffic control system. This effort involves acquiring a vast network of radar, navigation, communications, and information processing systems, as well as new air traffic control facilities— and is expected to cost over $50 billion through fiscal year 2007. However, over the past 2 decades, many of the projects that make up the modernization program have experienced cost overruns, schedule delays, and performance shortfalls of large proportions. GAO initially designated FAA’s modernization program as high risk in 1995. GAO’s work over the years has identified root causes of the modernization program’s problems, including immature software acquisition capabilities, lack of a complete systems architecture, inadequate cost estimating and accounting practices, ineffective investment management practices, and an organizational culture that impaired the acquisition process. FAA has made important progress in addressing these weaknesses. For example, the agency has implemented a framework for improving its software processes, developed a systems architecture, institutionalized cost estimating practices, and improved its investment management practices. However, more remains to be done in each of these areas. [See PDF for image] [End of figure] What Remains to Be Done: GAO has made over 30 specific recommendations to address the root causes of FAA’s problems. While the agency has made progress on these recommendations, more must be done to institutionalize mature software acquisition processes, enforce the systems architecture, and implement effective investment management processes. With FAA expecting to spend about $16 billion through fiscal year 2007 on new air traffic control systems, these actions are as critical as ever. www.gao.gov/cgi-bin/getrpt?GAO-03-108. For additional information about this high-risk area, click on the link above or contact Joel C. Willemssen at (202) 512-6408 or willemssenj@gao.gov. [End of section] GAO Highlights: High-Risk Series Internal Revenue Service Business Systems Modernization: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of the Treasury (GAO-03-109) Why Area is High Risk: The Internal Revenue Service’s (IRS) multibillion-dollar Business Systems Modernization program is critical to the success of the agency’s efforts to transform its manual, paper-intensive business operations and fulfill its obligations under the IRS Restructuring and Reform Act. While IRS has made important progress in establishing long overdue modernization management capabilities, and in acquiring the foundational system infrastructure and the system applications that will permit the agency to operate more effectively and efficiently, significant challenges and risks remain. What GAO Found: In 1995, after finding numerous and severe management and technical program control weaknesses, GAO designated IRS’s systems modernization activities as high risk. At that time, GAO made a series of recommendations, including limiting modernization activities and spending until the weaknesses were corrected. IRS responded slowly. In light of IRS’s response and additional recommendations made by GAO as part of its ongoing support to Congress in overseeing systems modernization, GAO’s 2001 high-risk report noted that despite improvements, key management controls were still lacking. GAO also observed that until they were in place, the risks of project cost, schedule, and performance shortfalls would remain and would, in fact, increase as IRS began to build and deploy systems. Since that time IRS has made significant progress. For example, IRS has developed and is using a modernization blueprint, commonly called an enterprise architecture, to guide and constrain its modernization projects, and is investing incrementally in its projects, both of which are leading practices of successful public and private-sector organizations. Nevertheless, the program remains at risk for two reasons: Scope and complexity of modernization are growing. As IRS proceeds, the number of projects underway and the complexity of the tasks associated with those projects that are moving beyond design and into development, continue to expand. Modernization management capacity is still maturing. IRS has yet to fully implement a strategic approach to ensuring that it has sufficient human capital resources, and it has yet to fully implement process controls in such areas as estimating costs and defining performance based contracts What Remains to Be Done: IRS acknowledges its challenges and risks, and it is taking action to address them. It is important for IRS to fully implement essential modernization management capabilities, including cost estimation, performance based contracting, and strategic management of human capital. This is especially important now, as IRS’s fiscal year 2003 spending plan aims to fund the later, more complex and demanding stages of several key projects. It is therefore essential that IRS move quickly to fully implement our remaining recommendations. www.gao.gov/cgi-bin/getrpt?GAO-03-109. For additional information about this high-risk area, click on the link above or contact Robert F. Dacey at (202) 512-3317 or daceyr@gao.gov. [End of figure] GAO Highlights: High-Risk Series Department of Defense Systems Modernization: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Defense (GAO-03-98) Why Area is High Risk: To transform its business operations, the Department of Defense (DOD) is spending billions of dollars to modernize its information technology systems. However, pervasive modernization management weaknesses increase the risk that these efforts will not be successful. Within some components of DOD, modernization management improvements have occurred, but the department as a whole remains far from where it needs to be in order to effectively and efficiently manage something the size and significance of its DOD-wide systems modernization program. What GAO Found: Since GAO first designated DOD’s systems modernization as a high risk in 1995, DOD has had limited success in modernizing its information technology environment because it has yet to fully implement GAO’s recommendations aimed at addressing its underlying modernization management weaknesses. DOD acknowledges that it needs to correct these weaknesses and has agreed to implement most of GAO’s recommendations. However, progress in doing so since GAO’s 2001 high-risk report has been mixed. To its credit, DOD is taking steps to develop integrated modernization blueprints, commonly called enterprise architectures, and it has revised its investment management guidance. Also, it has engaged DOD’s executive leadership in the modernization through such bodies as the Defense Practice Implementation Board. However, much remains to be accomplished before DOD will have effectively mitigated the risks it faces in modernizing its systems. At the same time, DOD continues to invest heavily in information technology, with about $26 billion planned for fiscal year 2003. Key modernization management improvements that DOD needs to make include: Establish and use enterprise architectures. DOD lacks an integrated set of enterprise architectures for its financial and related business functions, which is a recognized best practice, thus preventing DOD and its component organizations from investing billions of dollars in a way that promotes system interoperability, limits duplication, and optimizes institutional performance. Institute effective investment management practices. DOD components are not consistently following best practices in managing its information technology investments as portfolios of competing investment options. Also, DOD is committing to billion-dollar information technology projects without adequate economic justification and without reducing the investments’ inherent risk by breaking them into a series of smaller projects. Consistently implement effective acquisition processes. DOD components’ implementation of acquisition management best practices is uneven, as are its proactive efforts to improve these processes, which limits DOD’s ability to consistently deliver promised system capabilities on time and within budget. What Remains to Be Done: As GAO has reported, the key to effecting meaningful change is executive management leadership and commitment to and use of a proven management framework. Accordingly, DOD needs to (1) treat these areas as management priorities and (2) implement frameworks for modernizing its systems that are grounded in legislative requirements, federal guidance, and the practices and successes of leading public and private-sector institutions. Although DOD agrees with these recommendations, its progress in implementing them has been mixed. The backing of senior management, as shown by DOD’s successful Year 2000 effort, will play a large role in what is accomplished. www.gao.gov/cgi-bin/getrpt?GAO-03-98. For additional information about this high-risk area, click on the link above or contact Randolph C. Hite at (202) 512-3439 or hiter@gao.gov. [End of section] GAO Highlights: High-Risk Series Department of Defense Financial Management: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Defense (GAO-03-98) Why Area is High Risk: Since 1995, the Department of Defense’s (DOD) financial management has been on GAO’s list of high-risk areas vulnerable to waste, fraud, abuse, and mismanagement. Taken together, DOD’s financial management deficiencies represent the single largest obstacle to achieving an unqualified opinion on the U. S. government’s consolidated financial statements. DOD continues to face financial management problems that are pervasive, complex, long-standing, and deeply rooted in virtually all its business operations. DOD’s financial management deficiencies adversely affect the department’s ability to control costs, ensure basic accountability, anticipate future costs and claims on the budget, measure performance, maintain funds control, prevent fraud, and address pressing management issues. What GAO Found: GAO recently reported on fundamental flaws in DOD’s financial management systems, processes, and overall internal control environment that resulted in government travel card delinquency rates for the Army and Navy that were nearly double those of federal civilian agencies; numerous instances of potential fraud and abuse, including purchases of a wide range of goods and services unrelated to official business; $146 million in illegal adjustments to amounts appropriated by the Congress; an inability to ensure the Congress that the $1.1 billion in funds it received for spare parts were used for that purpose; managing and reporting on the funding associated with the Air Force’s contracted depot maintenance that resulted in understating the dollar value of year-end carryover work by tens of millions of dollars; and excessing and selling critical inventory items such as unused sets of chemical and biological protective garments for about $3 each, while at the same time procuring hundreds of thousands of other such garments for over $200 per set. Previous administrations over the past 12 years have attempted to address these problems in various ways, but have largely been unsuccessful despite good intentions and significant effort. The results of DOD’s past stove-piped approaches to financial management reform are perhaps most evident in its business systems environment— recently estimated to include over 1,700 systems and system development projects—many of which evolved in piecemeal fashion to accommodate different organizations, each with its own policies and procedures. Overhauling DOD’s financial management operations represents a major management challenge that goes far beyond financial accounting to the very fiber of the department’s range of business operations and management culture. To his credit, on September 10, 2001, the Secretary of Defense recognized the far-reaching nature of DOD’s existing financial management problems and announced a broad initiative intended to “transform the way the department works and what it works on.” DOD’s current initiative to overhaul its business systems is more far-reaching and comprehensive than in the past. DOD’s goals for reforming this high-risk area have long-term application and are not just patchwork fixes. However, the challenges remaining are daunting. DOD’s well-intentioned transformation initiative will succeed only with the right incentives, transparency, and accountability. Most importantly, it will require a number of years of sustained leadership, spanning successive administrations, to be successful. What Remains to Be Done: Keys to effective reform are an integrated approach, sustained leadership, accountability for reform tied to the Secretary, results- oriented performance measures, appropriate incentives and consequences, enterprisewide system architecture and investment control, and effective oversight and monitoring. www.gao.gov/cgi-bin/getrpt?GAO-03-98. For additional information about this high-risk area, click on the link above or contact Gregory D. Kutz at (202) 512-9505 or kutzg@gao.gov. [end of section] GAO Highlights: High-Risk Series Forest Service Financial Management: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Agriculture (GAO-03-96) Why Area is High Risk: Although the Forest Service received an unqualified opinion on its fiscal year 2002 financial statements, it took extraordinary effort. The Forest Service has not proven it can sustain this outcome and continues to have serious material internal control weaknesses. What GAO Found: In 1999, we designated financial management of the U.S. Department of Agriculture’s (USDA) Forest Service as “high risk” on the basis of serious financial and accounting weaknesses. Again in our January 2001 report, we reiterated our concerns. In December 2002, the Forest Service received an unqualified opinion on its fiscal year 2002 financial statements. While the Forest Service has reached an important milestone, it has not yet proved it can sustain this outcome, and it has not reached the end goal of routinely having timely, accurate, and useful financial information. As described in the following table, the Forest Service still has long-standing material control weaknesses in, among other things, its two major assets—fund balance with the Department of the Treasury (Treasury) and property, plant, and equipment. Forest Service Material Internal Control Weaknesses: Financial management area; Condition reported by auditor: Fund balance with the Treasury: The Forest Service had a large backlog of unreconciled items that needed to be researched and corrected. To bring the fund balance with the Treasury account into balance with Treasury records as of September 30, 2002, the Forest Service made a $107 million adjustment. General and software application controls: Inadequate internal controls existed in the general computer control environment and in specific software applications. Accrued liabilities: The proposed methodology for estimating certain liabilities, such as grants, was inaccurate and would have understated both accrued liabilities and related expenses. Sampling methodologies were used to project the year-end balance. Payroll process: Users were allowed to submit their time sheets for approval to an employee who was not the designated supervisor. In addition, time sheets lacked adequate evidence of supervisory review. Property, plant, and equipment: Property cost and related information (e.g., useful life) were not accurately recorded. Source: GAO analysis. [End of table] What Remains to Be Done: As recommended by its financial statement auditor, the Forest Service should continue to improve its internal controls over reconciliations of its records with the Treasury’s records, improve internal controls over the general computer control environment and specific software applications, develop a new methodology for estimating certain liabilities and maintain supporting documentation, improve automated and manual controls over payroll processes, and continue to improve its internal controls over initial recording of its property, plant, and equipment. www.gao.gov/cgi-bin/getrpt?GAO-03-96. For additional information about this high-risk area, click on the link above or contact McCoy Williams at (202) 512-6906. [End of section] GAO Highlights: High-Risk Series Federal Aviation Administration Financial Management: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Transportation (GAO-03-108) Why Area is High Risk: The Federal Aviation Administration (FAA) lacked accountability for billions of dollars in assets and expenditures due to weaknesses in its financial reporting, property, and cost accounting systems. Substantial problems with the general accounting system required 850 adjustments totaling $41 billion in 2001. Weaknesses in property accounting meant the agency could not accurately and routinely account for property totaling $11.7 billion. Finally, FAA lacked the cost information necessary to make effective decisions about resource needs and adequately account for its activities and major projects, such as the air traffic control modernization program. What GAO Found: Since FAA financial management was designated high risk in 1999, FAA has made significant progress in addressing its financial accountability weaknesses. Three major systems initiatives in process are designed to address specific identified needs. However, these systems must be fully installed and effectively integrated with one another and with other FAA systems and tested in actual use. By the end of 2003, FAA expects to implement a new DOT departmentwide general accounting system called Delphi. This new system is designed to eliminate overall financial management deficiencies that limit FAA’s ability to report on and manage its assets and operations. In addition, as a component of its Delphi system, FAA expects to implement a new property accounting system module and complete the installation of a cost accounting system in 2003. The property system is needed to accurately and routinely account for FAA’s property, while the cost accounting system is required to assign basic financial costs to its program activities and projects. Subsequent to implementation, FAA’s financial statement audit will provide an assessment of the effectiveness of FAA’s new general accounting system, the reliability of its property amounts and related internal controls, and its ability to account for costs of its program activities and major projects. Until these systems are fully tested and assessed in actual integrated operations, the reliability of FAA’s financial information will remain uncertain. Diagram Showing Way in Which FAA’s New Systems [See PDF for image] Note: GAO diagram based on FAA information. [End of figure] What Remains to Be Done: FAA has made significant progress in improving the accuracy and reliability of its financial information. To continue this progress, it must implement and successfully integrate and test its new accounting systems in actual operational use, including * The new general accounting system module, * The new property accounting system module, * Its new cost accounting system. These changes are expected to be implemented by the end of 2003. www.gao.gov/cgi-bin/getrpt?GAO-03-108. For additional information about this high-risk area, click on the link above or contact Linda Calbom at (202) 512-9508 or calboml@gao.gov. [end of section] GAO Highlights: High-Risk Series Internal Revenue Service Financial Management Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of the Treasury (GAO-03-109) Why Area is High Risk: The Internal Revenue Service (IRS) is responsible for collecting about $2 trillion annually, or about 95 percent of the government’s revenue. However, IRS lacks the information it needs to measure the full cost of administering the Internal Revenue Code and to report meaningful, cost based performance information. Congress and IRS therefore lack the information to determine whether IRS has appropriate levels of funding and staff and is using its resources effectively. These issues concerning IRS’s financial management—a high-risk area since 1995— adversely affect the agency’s ability to effectively fulfill its responsibilities as the nation’s tax collector. What GAO Found: In fiscal year 2002, for the third consecutive year, IRS was able to produce annual financial statements that were reliable, in GAO’s opinion, and was able to produce the fiscal year 2002 financial statements 6 weeks after the end of the fiscal year. To achieve this, IRS made fundamental changes in how it processed transactions, maintained its records, and reported its results. However, this also required IRS to continue to rely on costly, resource-intensive processes to compensate for serious internal control and systems deficiencies. IRS has continued to act on and has shown strong commitment to resolving the financial management issues GAO has identified, and has made notable progress on several. In particular, IRS has worked aggressively to address issues not solely dependent on systems modernization for their resolution, and has made important progress in addressing deficiencies in controls over budgetary activity, accountability over property and equipment, taxpayer receipts and data, and computer security. At the same time, IRS recognizes that resolving a number of its financial management issues depends on the success of its systems modernization efforts. The challenge will be for IRS to continue the improvements made in recent years and, more importantly, to develop long-term solutions to address the internal control and systems deficiencies GAO has identified. IRS’s primary remaining internal control weaknesses are in the following areas: Accountability over property and equipment. IRS continues to lack an integrated property management system that records property acquisitions and disposals as they occur and links costs on accounting records to property records. Management of tax receipts and taxpayer data. IRS’s internal controls do not adequately protect against loss of tax receipts from theft and inappropriate disclosure of taxpayer information. Management of unpaid tax assessments. IRS continues to lack a subsidiary ledger for unpaid assessments that would allow it to produce timely and useful information. IRS employs a time- consuming, resource intensive process to produce an annual balance of taxes receivable and other unpaid assessments for its financial statements, but this balance is only reliable as of the last day of the fiscal year. Additionally, IRS continues to record erroneous and untimely information in taxpayer accounts, increasing the risk of unnecessary taxpayer burden. Computer security. IRS continues to have serious weaknesses in its computer security controls designed to protect its computing resources from unauthorized use, modification, loss, and disclosure. IRS has also not taken sufficient steps to ensure that computer security deficiencies identified at one facility are addressed at other facilities. What Remains to Be Done: GAO has provided IRS with management and operational recommendations that address (1) IRS’s systems modernization plans to resolve weaknesses in financial management systems and (2) needed improvements in controls over how IRS records transactions, maintains records, and reports financial results. We will continue to make recommendations as necessary. IRS’s management has worked actively to address these issues. However, resolving many of IRS’s most serious challenges will require a sustained, long-term commitment of resources, continued involvement of senior management, and sustained progress in systems modernization. www.gao.gov/cgi-bin/getrpt?GAO-03-109. For additional information about this high-risk area, click on the link above or contact Steven J. Sebastian at (202) 512-3406 or SebastianS@gao.gov. [end of section] GAO Highlights: High-Risk Series Medicare Program: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Health and Human Services (GAO-03-101) Why Area is High Risk: Since 1990, GAO has designated Medicare a high-risk program, vulnerable to waste, fraud, abuse, and mismanagement, in part because of the program’s vast size and complex administrative structure. Medicare covered about 40 million elderly and disabled Americans and cost about $241 billion in fiscal year 2001; program spending as a share of the economy is projected to double by 2035. Medicare’s steward, the Centers for Medicare & Medicaid Services (CMS), oversees claims administration contractors that operate the program’s fee-for-service component and health plans that enroll beneficiaries in the program’s managed care component, Medicare+Choice. While CMS has improved oversight of contractors and health plans in recent years, considerable management challenges remain. What GAO Found: CMS has made improvements in assessing the level of improper payments, collecting overpayments and conducting other financial activities, and building the foundation for modernizing its information technology. Nevertheless, much work remains to be done. Reducing improper payments. Since 1996, annual audits by the Department of Health and Human Services Office of the Inspector General have found that Medicare contractors have improperly paid claims worth billions of dollars. CMS has been working to better hold individual contractors accountable for claims payment performance and help them target remedial actions, but it does not expect to fully implement an initiative to measure performance before June 2003. Monitoring managed care plans. In 2001, auditors found that 59 of 80 health plans had misreported key financial data or had accounting records too unreliable to support their data, but CMS did not have a plan in place to resolve these issues. Improving financial management processes. Although CMS financial statements are achieving unqualified, or “clean,” opinions, the agency’s financial systems and processes do not routinely generate information that is timely or reliable and do not ensure that the confidentiality of sensitive information is adequately protected from unauthorized access or service disruption. Modernizing the agency’s information technology (IT). CMS’s processes for planning and managing systems development and implementation have certain shortcomings that put its IT modernization efforts at risk. We reported in September 2001 that CMS’s blueprint for modernization lacked sufficient detail and its process for managing IT investments was missing key review, approval, and evaluation steps. The agency has made progress in its planning, review, and approval procedures and has strengthened IT security requirements, but much more remains to be done to reduce significant risks. * Preparing for a new contracting environment. CMS’s claims administration contracting authority and practices (1) do not generally allow for full and open competition, (2) limit the contractor pool to health insurers, and (3) limit CMS’s ability to terminate contracts. If proposed competitive contracting legislation were enacted, managing the transition and adapting to new requirements would be a major challenge for CMS in the coming years. What Remains to Be Done: Because Medicare will play such a significant role in the nation’s fiscal future, prudence calls for taking steps to ensure that Medicare is professionally and efficiently managed. Achieving this goal will require CMS to improve oversight of Medicare’s claims administration contractors, management of the agency’s information technology initiatives, and the implementation of financial management processes across multiple contractors and agency units. www.gao.gov/cgi-bin/getrpt?GAO-03-101. For additional information about this high-risk area, click on the link above or contact Leslie G. Aronovitz at (312) 220-7600 or aronovitzl@gao.gov. [end of section] GAO Highlights: High-Risk Series Medicaid Program: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Health and Human Services (GAO-03-101) Why Area is High Risk: Medicaid, which pays for both acute health care and long-term care services for over 44 million low-income Americans, has been subject to exploitation. Financed jointly by the federal government and the states, Medicaid consists of more than 50 distinct “state” programs that together cost $228 billion in fiscal year 2001, accounts for more than 20 percent of states’ total expenditures, and is projected to double in spending in a decade. The federal government pays from half to more than three-fourths of a state’s total Medicaid expenditures. Growing concern about the program’s size, growth, and fiscal oversight has led GAO to add Medicaid to its 2003 list of high-risk programs. The Centers for Medicare & Medicaid Services (CMS) in the Department of Health and Human Services (HHS) is responsible for administering the program at the federal level, while the states administer their respective programs’ day-to-day operations. What GAO Found: Inadequate fiscal oversight has led to increased and unnecessary federal spending in the following ways: Schemes that leverage federal funds inappropriately. Using statutory and regulatory loopholes over the last decade, some states have created the illusion that they have made large Medicaid payments to certain providers, such as county health facilities, in order to generate excessive federal matching payments. In reality, the states have only momentarily made payments to these providers—generally through electronic funds transfers— and then required that the payments be returned. Some of these schemes have cost the federal government several billions of dollars each year. Although the Congress and CMS have repeatedly acted to curtail abusive financing schemes when they have come to light, schemes continue to emerge and require ongoing oversight. Waiver programs that inappropriately increase the federal government’s financial liability. The Secretary of HHS has authority to waive certain statutory provisions and allow states to test new ideas for delivering services and expanding coverage. Waiver programs must be “budget neutral,” in that they do not increase federal financial liability beyond what it would have been without these programs. Since the mid-1990s, HHS has permitted states to use questionable methods to demonstrate budget neutrality for changes estimated to increase federal costs. For example, two states’ waivers approved in 2002 are estimated to cost the federal government an extra $330 million or more. HHS is currently considering approval of similar waivers by additional states. Inappropriate billing by providers serving program beneficiaries. Medicaid, like other health care payers, is vulnerable to waste, fraud, and abuse by providers who submit inappropriate claims. While CMS has initiated steps to improve financial reviews of Medicaid, its efforts are in the planning and early implementation stages and will require continued oversight. Efforts on the part of states to identify billing errors and abuses have been generally limited and only modestly funded. The hundreds of millions of dollars in improper payments that a few states have identified suggests that these and other states have the potential to save hundreds of millions more through increased efforts to safeguard program payments. What Remains to Be Done: CMS should (1) ensure that the federal government pays only its correct share of valid program expenditures, (2) develop better methods to assess the costs of state-proposed program alternatives, and (3) strengthen federal and state fiscal oversight. www.gao.gov/cgi-bin/getrpt?GAO-03-101. For additional information about this high-risk area, click on the link above or contact Kathryn G. Allen at (202) 512-7118. [end of section] GAO Highlights: High-Risk Series Earned Income Credit Noncompliance: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of the Treasury (GAO-03-109) Why Area is High Risk: The Internal Revenue Service (IRS) administers the earned income credit, a refundable federal income tax credit for low-income working individuals and families. The credit reduces the amount of federal tax owed and can result in a refund check. There are significant compliance problems associated with the credit. IRS estimates that billions of dollars in credits claimed by taxpayers should not have been paid. Because IRS has struggled to reduce overclaims and because of the magnitude of the financial risk, earned income credit noncompliance—a high-risk area since 1995—continues to be high-risk. What GAO Found: IRS estimates that of the $31.3 billion in earned income credits claimed by taxpayers in tax year 1999, about $8.5 to $9.9 billion should not have been paid. Furthermore, efforts to reduce earned income credit noncompliance over the past 5 years have produced little change. Certain features of the credit represent a trade-off between compliance and other desired goals. Unlike other income transfer programs, such as Food Stamps, the earned income credit was designed to be administered through the tax system. Accordingly, while other income transfer programs have staff that independently certify the eligibility of applicants, administration of the credit relies more directly on the self-reported qualifications of individuals. This approach generally should result in lower administrative costs and possibly higher participation rates but may also contribute to overclaims. The IRS Commissioner and the Treasury Assistant Secretary for Tax Policy have convened a high- level Treasury/IRS task force to develop recommendations to better administer the credit and make it easier for taxpayers to comply with the rules. Earned Income Credit Claims and Estimated Potential Overclaims for Tax Year 1999 [See PDF for image] [End of figure] What Remains to Be Done: IRS needs to: in conjunction with Treasury, ensure that the earned income credit task force completes work on recommendations to better administer the credit, and implement task force recommendations to deal with noncompliance and resulting erroneous refunds. www.gao.gov/cgi-bin/getrpt?GAO-03-109. For additional information about this high-risk area, click on the link above or contact Norm Rabkin at (202) 512-9110 or rabkinn@gao.gov. [end of section] GAO Highlights: High-Risk Series Collection of Unpaid Taxes: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of the Treasury (GAO-03-109) Why Area is High Risk: Taxpayers’ willingness to voluntarily comply with the tax laws depends in part on their confidence that their friends, neighbors, and business competitors are paying their fair share of taxes. Many view the Internal Revenue Service’s (IRS) compliance and collection programs as critical to providing that confidence. For the last several years, Congress and others have been concerned that the declines in IRS’s compliance and collections programs are eroding taxpayers’ confidence in the fairness of our tax system. Because of the potential revenue losses and the threat to voluntary compliance, collection of unpaid taxes— a high-risk area since 1990—continues to be high-risk. What GAO Found: In testimonies and reports, GAO has highlighted large and pervasive declines in IRS’s compliance and collections programs. These programs include computerized checks for nonfiling and underreported income, audits, and telephone and field collections. Between 1996 and 2001 the programs generally experienced growing workloads, decreased staffing, and decreases in the number of cases closed per employee. By the end of fiscal year 2001, IRS was deferring collection action on about one out of every three tax delinquencies assigned to the collections programs. By the end of fiscal year 2002, IRS had an inventory of unpaid taxes with a collection potential of about $100 billion. In May 2002 congressional hearings, the IRS Commissioner said that IRS was not providing taxpayers with adequate assurance that their neighbors or competitors were complying with the tax laws and paying what they owed. To reverse these trends, IRS is in various stages of planning and implementing a management improvement strategy, including efforts to improve the productivity of IRS’s existing compliance and collections staff and better target noncompliance. To improve productivity, IRS has begun work to reengineer its compliance and collections processes, modernize its technology, and develop better information on the costs and benefits of its compliance activities using a centralized cost accounting system that is planned for implementation in late 2003. Better targeting of noncompliance requires better information. IRS’s new effort to review compliance, the National Research Program, should, if implemented as planned, provide IRS with the first up-to-date information on compliance rates and sources of noncompliance since it last measured the compliance rate using 1988 tax returns. Audit Rates Have Declined [See PDF for image] [End of figure] What Remains to Be Done: * Reengineer compliance and collections programs. * Acquire and analyze data on noncompliance by continuing to implement the National Research Program as planned. * Ensure that the planned centralized cost accounting system is effectively implemented and that its data is used to analyze the costs and benefits of compliance activities. www.gao.gov/cgi-bin/getrpt?GAO-03-109. For additional information about this high-risk area, click on the link above or contact Norm Rabkin at (202) 512-9110 or rabkinn@gao.gov. [end of section] GAO Highlights: High-Risk Series Department of Defense Support Infrastructure Management: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Defense (GAO-03-98) Why Area is High Risk: Since 1997, GAO has identified the Department of Defense’s (DOD) management of infrastructure as a high-risk area because DOD’s infrastructure costs continue to consume a larger than necessary portion of DOD’s budget. DOD has been concerned for a number of years over the amount of funding devoted to its support infrastructure and the impact on its ability to devote more funding to weapon system modernization and other critical needs. What GAO Found: Infrastructure management, which GAO first identified as a high- risk area in 1997, continues to present major challenges to DOD. The department defines infrastructure as those activities that provide support services to mission programs, such as combat units. DOD’s infrastructure categories include installations, communications and information infrastructure, science and technology programs, acquisition infrastructure, central logistics, the Defense Health Program, central personnel administration and benefits programs, central training, departmental management, and other selected infrastructure programs such as support of DOD intelligence and air traffic control activities. GAO’s past and current work in this area indicates that DOD continues to spend a larger portion of its budget than desired on infrastructure—nearly 46 and 44 percent, respectively, in fiscal years 2001 and 2002; lacks an overarching strategy to improve its business practices; and faces a challenge in adequately maintaining and revitalizing the facilities it expects to retain for future use. For example, GAO’s recent review of the physical condition of recruit barracks confirmed DOD’s assertion that its facilities have been long neglected and underfunded. Additionally, GAO’s analysis of DOD data contained in its fiscal year 2002 annual report and fiscal year 2003 future years defense program showed that approximately $151 billion (44 percent) of DOD’s $345 billion allocated to mission and support activities was spent on infrastructure in fiscal year 2002. DOD plans an additional base closure round in 2005; this could enable it to devote its facility resources on fewer, more enduring facilities. With or without future base closures, DOD faces the challenge of adequately maintaining and revitalizing the facilities it expects to retain for future use. Available information indicates that DOD’s facilities continue to deteriorate because of insufficient funding for their sustainment, restoration, and modernization. To its credit, DOD has highly emphasized the reform of its support infrastructure to include an emphasis on the transformation of its associated business processes in recent years. These reforms include acquisition and financial management reform, logistics reengineering, public- private competitions under the Office of Management and Budget’s Circular A-76 process, and elimination of unneeded facilities infrastructure. However, many key reforms that may have the greatest impact on managing the support infrastructure and reducing costs are long term in nature and will require many years to be fully implemented. What Remains to Be Done: Organizations throughout DOD need to continue reengineering their business processes and striving for greater operational effectiveness and efficiency. DOD needs to develop a plan to better integrate, guide, and sustain the implementation of its diverse business transformation initiatives in an integrated fashion. DOD also needs to develop a comprehensive long-range plan for its facilities infrastructure that addresses facility requirements, recapitalization, and maintenance and repair needs. www.gao.gov/cgi-bin/getrpt?GAO-03-98. For additional information about this high-risk area, click on the link above or contact Henry L. Hinton, Jr. at (202) 512-4300 or hintonh@gao.gov. [end of section] GAO Highlights: High-Risk Series Department of Defense Inventory Management: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Defense (GAO-03-98) Why Area is High Risk: Since 1990, GAO has identified the Department of Defense’s (DOD) management of secondary inventories (spare and repair parts, clothing, medical supplies, and other items to support the operating forces) as high risk because inventory levels were too high and management systems and procedures were ineffective and wasteful. Many of these same weaknesses regarding excess inventories and the lack of economy, efficiency, and effectiveness in DOD’s inventory management practices still exist today. What GAO Found: Inefficient inventory management practices represent one of the most serious weaknesses in DOD’s logistics operations. While DOD’s inventory value for the last 10 years has been declining, GAO’s past and current work in this area indicates that DOD continues to store unnecessarily large amounts of material; purchases material for which there is no valid requirement; experiences equipment readiness problems because of a lack of key spare parts; and maintains inadequate visibility over material being shipped to and from military activities. About half of DOD’s $63 billion secondary inventory exceeds war reserve or current operating requirements. One of the more serious and long-standing inventory management weaknesses that GAO has been reporting on for over a decade is the department’s inability to maintain adequate control over material being shipped between contractor facilities and DOD activities or between DOD activities. For example, in July 2002, GAO reported that the Air Force had not properly controlled or maintained effective accountability over material reportedly valued at about $567 million that had been shipped to contractors for repair or use in the repair process. While almost half of DOD’s inventory is excess to its current war reserve and operating requirements, GAO has consistently reported that the department has experienced equipment readiness problems because of shortages of key spare parts. In an attempt to alleviate these shortages, the Congress allocated $1.1 billion in supplemental appropriations to DOD in fiscal year 1999. GAO reported, however, that DOD’s financial reporting systems do not provide reasonable assurance that these funds are being used to purchase spare parts. Each of the services has a planned number of initiatives to address these shortages. Additionally, DOD has initiatives planned or underway to modernize its supply support management information systems and has submitted financial reports in response to prior recommendations. Rates at Which Selected Aircraft Were Reported as Not Mission Capable due to Supply Problems (in percent) [See PDF for image] Source: GAO. Note: Analysis of Navy and Air Force data based on work completed in July 2001. [End of table] What Remains to Be Done: The long-term solution to this high-risk area necessitates that the DOD reengineer its entire logistics operations to include the development of a long-range strategic vision and a departmentwide, coordinated approach for logistics management. In the short term, however, GAO recommends that the department reduce excess inventories, (2) eliminate material purchases for which no valid requirement exists, establish better controls and visibility over material shipped to and from military activities, (4) take actions to address key spare parts shortages, (5) better track how it spends its funds for spare parts, (6) correct information systems weaknesses, and (7) adopt specific industry-proven best practices for improving inventory management. www.gao.gov/cgi-bin/getrpt?GAO-03-98. For additional information about this high-risk area, click on the link above or contact Henry L. Hinton, Jr. at (202) 512-4300 or hintonhj@gao.gov. [end of section] GAO Highlights: High-Risk Series HUD Single-Family Mortgage Insurance and Rental Housing Assistance Programs: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Housing and Urban Development (HUD) (GAO-03-103) Why Area Is High Risk: HUD manages about $550 billion in insurance and $19 billion per year in rental assistance. To do this, HUD relies on the performance and integrity of thousands of third parties, including about 7,500 lenders that process mortgage insurance; about 4,500 public housing agencies that administer rental assistance programs; and about 22,000 property owners who provide rental housing. HUD’s single-family mortgage insurance and rental housing assistance program areas are high risk because of weaknesses that include HUD’s oversight and monitoring of lenders, appraisers, and contractors, and ensuring compliance with HUD’s housing quality standards. Because of these weaknesses, evidence of fraud, and the variety of challenges HUD faces in implementing corrective actions, the program areas remain at high risk. What GAO Found: GAO originally designated HUD’s programs as high risk in 1994 due to serious, long-standing, departmentwide management problems. Following several years of effort by HUD to address these problems, in January 2001, GAO redefined and reduced the number of HUD programs deemed to be high risk. HUD has continued to make progress in addressing identified weaknesses in the high-risk program areas. HUD’s progress includes implementation of new processes to allow the review of lenders and appraisers and new incentives to improve the performance of property disposition contractors in its single-family programs. However, many of HUD’s strategies for resolving problems in its high-risk program areas represent new initiatives in the early stages of implementation, and evidence shows that significant problems remain. In its rental housing assistance programs, implementation of a new assessment system for public housing agencies has been delayed; correcting housing quality violations remains problematic; and HUD estimates that rental assistance overpayments—some $2 billion out of $19 billion in assistance in fiscal year 2000—are greater than previously estimated. Additionally, HUD’s three major management challenges—human capital management, acquisitions management, and programmatic and financial management information systems —cut across both program areas and contribute to the high- risk designations. HUD is in the early stages of developing measures to resolve these deficiencies. For example, HUD has not yet developed a comprehensive strategy to resolve serious, long-standing programmatic and financial management information system deficiencies. Because significant challenges remain, GAO is maintaining the department’s single-family mortgage insurance and rental housing assistance program areas as high risk at this time. [See PDF for image] [End of figure] What Remains to Be Done: HUD needs to improve management and oversight of its single- family mortgage insurance programs to reduce risk of losses from loan defaults or fraud; and ensure that its rental housing assistance programs operate effectively and efficiently, specifically that assistance payments are accurate, recipients are eligible, assisted housing meets quality standards, and contractors perform as expected. www.gao.gov/cgi-bin/getrpt?GAO-03-103. For additional information about this high-risk area, click on the link above or contact Thomas J. McCool at (202) 512-8678 or mccoolt@gao.gov. [end of section] GAO Highlights: High-Risk Series Student Financial Aid Programs: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Education (GAO-03-99) Why Area is High Risk: Federal grant and loan programs provide over $50 billion annually to students to finance their postsecondary education. Millions of dollars in loans and grants have been disbursed to ineligible students because of internal control weaknesses. Further, while default rates have fallen, the amount of defaulted student loan dollars has remained high. Finally, with the exception of 1997, Education has not received an unqualified—or “clean”—opinion on its financial statements since its first agencywide audit in 1995. What GAO Found: Since being designated high risk in 1990, Congress and Education have made considerable changes to address ongoing management challenges. Congress established Education’s Office of Federal Student Aid (FSA) as a performance-based organization and Education created a team of senior managers to address key financial and management problems throughout the agency. Progress is occurring, but the following problems remain. Information to assess systems integration progress is not yet readily available. FSA has selected a viable, industry- accepted means for integrating its systems. FSA, however, will need to develop clear goals and measures in its performance plan and better demonstrate its progress in achieving systems integration. Weaknesses in financial management and internal controls remain. Education has made progress improving its financial management; however it needs to implement corrective actions to ensure that relevant, reliable, and timely, financial information is available. Education also needs to address its internal control weaknesses to prevent improper and erroneous payments. Plans and reports are unclear about how default management goals will be achieved. FSA has developed several goals to prevent and collect defaulted student loans, but its plans and reports provided limited information about the actions it will take to achieve them. Continued focus on human capital management is needed. Education has developed a comprehensive human capital plan that incorporates FSA. This plan outlines specific steps and time frames for improving its human capital management, but Education will need to continuously focus on implementation of the plan to achieve results. Amount of Student Loan Dollars in Default Remains High [See PDF for image] Note: Balances include principal, interest, late fees, and administrative charges for defaulted loans under both the Federal Family Education Loan and Federal Direct Loan Programs. [End of figure] What Remains to Be Done: GAO believes the Department should: continue with systems integration and improve its plans and reports to better demonstrate its progress, make comprehensive improvements to address financial management and internal control weaknesses, improve plans and reports to clearly explain strategies for achieving default management goals, and continue implementation of strategic human capital measures, including succession planning and staff development. www.gao.gov/cgi-bin/getrpt?GAO-03-99. For additional information about this high-risk area, click on the link above or contact Cynthia M. Fagnoni at (202) 512-7215 or fagnonic@gao.gov. [end of section] GAO Highlights: High-Risk Series Department of Defense Weapon Systems Acquisition: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Defense (GAO-03-98) Why Area is High Risk: Acquiring high performance weapons is central to the Department of Defense’s (DOD) ability to fight and win wars. Also, DOD’s investment in weapons is growing rapidly— from $110 billion in fiscal year 2002 to about $157 billion by fiscal year 2007—as DOD pushes to transform itself to meet a new range of threats. Nevertheless, while DOD’s acquisition process has produced the best weapons in the world, it also routinely yields undesirable outcomes—cost increases, schedule delays, and performance shortfalls. Consequently, GAO has designated this as a high-risk area since 1990. What GAO Found: DOD continues to experience problems in developing and acquiring weapon systems. GAO has consistently found that acquisitions take a much longer time and cost much more than originally anticipated, causing disruptions to DOD’s overall investment strategy and significantly reducing its buying power. Programs are also at risk because they are moving forward with immature technologies and/or they are using late stage tests as a vehicle for discovering problems that should have been identified and addressed much earlier. Such problems were evident, for example, in GAO’s reviews of DOD’s Joint Strike Fighter, V-22 aircraft, F-22, and other programs. In addition, DOD and the military services often do not consider options to acquire systems jointly to avoid costly duplication and interoperability problems. This was particularly apparent in efforts to acquire new sensor-to-shooter systems, antiarmor munitions, and combat identification systems. Many of the problems GAO has uncovered are rooted in DOD’s environment and its culture. The acquisition process tends to assert pressures on programs to promise more than they can deliver and to push programs forward without sufficient knowledge about a weapon’s technology, design, and production. The intense competition to get programs approved and funded encourages setting requirements that will make the proposed weapon system stand out from others. In addition, DOD officials who establish requirements often aim for the most capability possible, since it may be many years before they get another opportunity to acquire a new weapon system of the same type. This has led to overpromising capabilities and underestimating costs. DOD is changing its policies to achieve better outcomes. It has focused primarily on (1) ensuring technologies are demonstrated to a high level of maturity before beginning a weapon system program, (2) taking an evolutionary, or phased, approach to developing a system, and (3) making more realistic cost estimates in programs. These are positive steps that should help curb incentives to overpromise the capabilities of new weapon systems and lead to more realistic cost estimates when pricing programs. Implementation on individual programs will be the measure of the policies’ success, but early experience has been mixed, underscoring the challenge DOD managers face in translating the policies into better program outcomes. Various Weapon Systems [See PDF for image] [End of figure] What Remains to Be Done: GAO has recommended that DOD take additional steps to achieve outcomes on par with leading organizations. These include planning product development so that design and manufacturing decisions are based on better data, ensuring testing does not get deferred until late in the development cycle, and considering joint mission needs in establishing weapon requirements. These steps should be taken in tandem with providing a better environment for starting and managing weapons programs—one that more closely resembles the knowledge-based process followed by leading organizations. www.gao.gov/cgi-bin/getrpt?GAO-03-98. For additional information about this high-risk area, click on the link above or contact Jack L. Brock, Jr. at (202) 512-4841 or brockj@gao.gov. [end of section] GAO Highlights: High-Risk Series: Department of Defense Contract Management: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Defense (GAO-03-98) Why Area is High Risk: The Department of Defense (DOD), the government’s largest purchaser, spent nearly $163 billion in fiscal year 2001 for goods and services to equip, maintain and support military forces, but it is unable to ensure that it is acquiring goods and services as efficiently as possible. Further, between fiscal years 1994 and 2001, DOD contractors have refunded $6.7 billion in overpayments. Also, DOD’s health care contracting, involving about $5 billion annually, is overly complicated and prescriptive and is unstable. Contributing to DOD’s contract management problems, DOD’s acquisition workforce has been cut in half over the past 10 years. What GAO Found: Since being designated high risk in 1992, DOD has worked to improve and streamline its acquisition practices as it adjusts to a changing acquisition environment. DOD’s senior leadership is committed to improving its acquisition of services; and DOD has achieved some positive results in improving its payment processes for goods and services, is attempting to address health care contracting problems, and has made progress in laying a foundation for reshaping its acquisition workforce. The following problems remain. Improving DOD’s acquisition of services. Too often requirements are not clearly defined or alternatives fully considered. DOD does not have a strategic plan that integrates or coordinates ongoing initiatives or that provides a road map for future efforts. Assuring the appropriate use of contracting techniques and approaches. While efforts to streamline acquisition processes have been made, DOD missed out on opportunities to generate savings, reduce administrative burdens, and enhance outcomes for its acquisitions due to unclear guidance, poor internal controls, and improperly trained personnel. As a result, DOD (1) had mixed results in incorporating performance-based attributes into contracts, (2) is vulnerable to fraud in its purchase and travel card programs, and (3) negotiated prices for goods and services using approaches that did not always promote competition and ensure fair and reasonable prices. Overcoming long-standing contract payment issues. DOD continues to be challenged in ensuring prompt, proper, and accurate payments for goods and services. Payment errors are attributable to problems such as not adjusting payments for changed contract requirements and paying the same invoice twice. Managing DOD’s contracts for health care. DOD’s contracting approach for TRICARE and numerous adjustments to the contracts had created an unstable program. DOD also faces challenges in jointly contracting with the Veterans Administration for medical and surgical supplies due to different approaches in standardization and the lack of accurate and reliable procurement data. Improving the acquisition workforce. DOD faces serious imbalances in the skills and experience of its current workforce and the potential loss of highly specialized knowledge if many of its acquisition specialists retire. Strategic Approach Leading Companies Take in Acquiring Services Secure up-front commitment from top leaders Create supporting structure processes and roles Obtain improved knowledge of service spending Enable success through leadership, communication and metrics Source: GAO. [end of table] What Remains to Be Done: GAO’s reports on DOD’s contract management have recommended that DOD take the following steps. Use a strategic approach to improve its acquisition of services. Give priority management attention at all DOD levels to improve and use appropriate contracting techniques and approaches. Develop fundamental controls over contractor debt and overpayments. Ensure a seamless transition under new health care contracts. Take a strategic view of human capital and build on initial efforts to reshape DOD’s acquisition workforce. www.gao.gov/cgi-bin/getrpt?GAO-03-98. For additional information about this high-risk area, click on the link above or contact Jack L. Brock, Jr. at (202) 512-4841 or brockj@gao.gov. [end of section] GAO Highlights: High-Risk Series: Department of Energy Contract Management: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the Department of Energy (GAO-03-100) Why Area is High Risk: The Department of Energy, the largest non-Defense contracting agency in the federal government, relies primarily on contractors to carry out its diverse missions and operate its laboratories and other facilities. About 90 percent of DOE’s annual budget is spent on contracts. DOE’s history of both inadequate management and oversight and failure to hold its contractors accountable has resulted in the high-risk designation for contract management since 1990. What GAO Found: DOE’s contract management, broadly defined to include contract administration and project management, continues to be a significant challenge for the department and remains at high risk for fraud, waste, abuse, and mismanagement. In a January 2001 report on DOE’s major management challenges, GAO reported ongoing problems with DOE’s approach to selecting an appropriate contract type, using competition to award contracts, incorporating performance-based measures into contracts, and minimizing cost and schedule overruns on major projects. DOE has made progress in addressing these problems. However, contractor performance problems continue to occur at DOE’s laboratories and facilities. Objective performance information is scarce; DOE primarily measured progress in implementation of contract reform initiatives rather than measuring performance results. Nevertheless, there are indications that the performance of DOE’s contractors may not have improved. For ongoing major DOE projects, GAO found there was no significant improvement in cost or schedule performance from 1996 to 2001. In both 1996 and 2001, more than half of the projects reviewed showed both cost increases and schedule delays. Furthermore, as shown below, the proportion of projects experiencing cost growth of more than double the initial cost estimates or schedule delays of 5 years or more has increased. In an effort to improve cost and schedule performance on major projects, DOE issued new policy and guidance on managing and controlling projects in 2000, and in 2001 established a project tracking system that required monthly status reporting on all projects with total project costs over $5 million. DOE also has efforts under way to address skill gaps in its procurement and project management organizations and to develop the necessary technical and managerial expertise for adequate oversight of its contractors through training and certification programs. Over the long term, DOE may resolve the challenges in its contract management. However, the benefits of its improvement initiatives may take years to fully realize. Until then, these ongoing challenges can increase the government’s costs and expose the government to billions of dollars of financial risks. Comparison of Significant Cost Overruns and Schedule Delays for Ongoing Projects in 2001 with Ongoing Projects in 1996 [See PDF for image] [End of table] What Remains to Be Done: To better ensure the effectiveness of its management improvement initiatives, such as contract reform, GAO recommended that DOE incorporate the management practices common in high-performing organizations. This approach would include the key elements of (1) clearly defined goals, (2) an implementation strategy that sets milestones and establishes responsibility, (3) results- oriented outcome measures, and (4) a mechanism that uses results-oriented data to evaluate the effectiveness of the department’s initiatives and to take corrective action as needed. www.gao.gov/cgi-bin/getrpt?GAO-03-100. For additional information about this high-risk area, click on the link above or contact Robert Robinson at (202) 512-3841 or robinsonr@gao.gov. [end of section] GAO Highlights: High-Risk Series: National Aeronautics and Space Administration Contract Management: Highlights of a high-risk area discussed in GAO’s Performance and Accountability Series report on the National Aeronautics and Space Administration (GAO-03-114) Why Area is High Risk: Much of NASA’s success depends on the work of its contractors— on which it spends over $12 billion a year. Since 1990, we have identified NASA’s contract management function as an area at high risk, principally because it has lacked accurate and reliable financial and management information on contract spending, and it has not placed enough emphasis on end results, product performance, and cost control. Since financial and contract problems threaten the success of NASA’s major programs, we believe contract management continues to be high risk. What GAO Found: Our reports and testimonies have demonstrated just how debilitating weaknesses in contract management and oversight can be to important space programs. Our July 2002 report on the International Space Station, for example, found that the National Aeronautics and Space Administration (NASA) did not effectively control costs or technical and scheduling risks, provide adequate oversight review, or effectively coordinate efforts with its partners. As a result, NASA has had to make drastic cutbacks in the space station’s capabilities. In recent years, NASA has addressed many acquisition-related weaknesses. For example, it has developed systems to provide oversight and information needed to improve contract management. It has made progress in evaluating procurement functions in its field centers. And it is reducing its use of unnegotiated (i.e., uncosted) contract changes. Moreover, NASA is now beginning to tackle one of its most formidable barriers to sound contract management—the lack of a modern, integrated financial management system. NASA’s financial management environment is currently comprised of decentralized, nonintegrated systems with policies, procedures, and practices that are unique to its field centers. Because its systems cannot easily exchange data, it is difficult to ensure that contracts are being efficiently and effectively implemented and that budgets are executed as planned. According to NASA, the planned new system will be fully integrated, and it will provide complete cost information to agency management for more fully informed decision-making. NASA faces considerable challenges in adequately implementing contract management improvements. It is only in the early stages of implementing its new financial management system, for example, and NASA reported it is already facing challenges in terms of cost, security, and interoperability. Moreover, NASA has not yet ensured that contractors uniformly provide cost data at a level that will give managers the information they need to make trade-off decisions, although they have begun taking actions to improve the data available for some large programs. Furthermore, NASA has not yet effectively shifted management attention away from yearly budgets to total costs. Ultimately, to improve contract management and oversight, NASA will need to transform its financial management organization so that it better supports its core mission. Right now, finance is not viewed as intrinsic to NASA’s program management decision process, nor does it focus on what “could” and “should” take place from an analytical cost-planning standpoint. Making this kind of transformation will be difficult because it will require NASA to change its culture and long-standing ways of doing business. But the need for deeper reform is paramount since financial and contract management problems threaten the success of virtually every major program. What Remains to Be Done: To further improve contract management, NASA needs to successfully complete its design and implementation of a new financial management system. Moreover, it will need to transform its operations to better support its core mission. This entails ensuring that NASA has the right data to oversee its programs and contracts— specifically data that will allow comparisons of actual costs to estimates; finding ways to shift management attention away from yearly budgets to total costs; and strengthening NASA’s financial organization to better support the agency’s mission and goals. www.gao.gov/cgi-bin/getrpt?GAO-03-114. For additional information about this high-risk area, click on the link above or contact Allen Li at 202-512-4841 or lia@gao.gov. [End of section] Performance and Accountability and High-Risk Series: Major Management Challenges and Program Risks: A Governmentwide Perspective. GAO-03-95. Major Management Challenges and Program Risks: Department of Agriculture. GAO-03-96. Major Management Challenges and Program Risks: Department of Commerce. GAO-03-97. Major Management Challenges and Program Risks: Department of Defense. GAO-03-98. Major Management Challenges and Program Risks: Department of Education. GAO-03-99. Major Management Challenges and Program Risks: Department of Energy. GAO-03-100. Major Management Challenges and Program Risks: Department of Health and Human Services. GAO-03-101. Major Management Challenges and Program Risks: Department of Homeland Security. GAO-03-102. Major Management Challenges and Program Risks: Department of Housing and Urban Development. GAO-03-103. Major Management Challenges and Program Risks: Department of the Interior. GAO-03-104. Major Management Challenges and Program Risks: Department of Justice. GAO-03-105. Major Management Challenges and Program Risks: Department of Labor. GAO-03-106. Major Management Challenges and Program Risks: Department of State. GAO-03-107. Major Management Challenges and Program Risks: Department of Transportation. GAO-03-108. Major Management Challenges and Program Risks: Department of the Treasury. GAO-03-109. Major Management Challenges and Program Risks: Department of Veterans Affairs. GAO-03-110. Major Management Challenges and Program Risks: U.S. Agency for International Development. GAO-03-111. Major Management Challenges and Program Risks: Environmental Protection Agency. GAO-03-112. Major Management Challenges and Program Risks: Federal Emergency Management Agency. GAO-03-113. Major Management Challenges and Program Risks: National Aeronautics and Space Administration. GAO-03-114. Major Management Challenges and Program Risks: Office of Personnel Management. GAO-03-115. Major Management Challenges and Program Risks: Small Business Administration. GAO-03-116. Major Management Challenges and Program Risks: Social Security Administration. GAO-03-117. Major Management Challenges and Program Risks: U.S. Postal Service. GAO-03-118. High-Risk Series: An Update. GAO-03-119. High-Risk Series: Strategic Human Capital Management. GAO-03-120. High-Risk Series: Protecting Information Systems Supporting the Federal Government and the Nation’s Critical Infrastructures. GAO-03-121. High-Risk Series: Federal Real Property. GAO-03-122. FOOTNOTES [1] U.S. General Accounting Office, High-Risk Series: An Update, GAO- 01-263 (Washington, D.C.: Jan. 2001). [2] U.S. General Accounting Office, Determining Performance and Accountability Challenges and High Risks, GAO-01-159SP (Washington, D.C.: Nov. 2000). [3] U.S. General Accounting Office, Major Management Challenges and Program Risks: Social Security Administration, GAO-03-117 (Washington, D.C.: Jan. 2003). [4] U.S. General Accounting Office, Major Management Challenges and Program Risks: Department of Justice, GAO-03-105 (Washington, D.C.: Jan. 2003); and Major Management Challenges and Program Risks: Department of the Treasury, GAO-03-109 (Washington, D.C.: Jan. 2003). [5] U.S. General Accounting Office, Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets, GAO- 02-231T (Washington, D.C.: Nov. 9, 2001); and Computer Security: Progress Made, but Critical Federal Operations and Assets Remain at Risk, GAO-03-303T (Washington, D.C.: Nov. 19, 2002). [6] Total beneficiaries represents the sum of participants in each program and does not account for potential participation in more than one program. [7] This value does not include stewardship assets--such as wilderness areas, scenic river systems, and monuments. [8] U.S. General Accounting Office, Medicaid and SCHIP: Recent HHS Approvals of Demonstration Waiver Projects Raise Concerns, GAO-02-817 (Washington, D.C.: July 12, 2002). GAO’s Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO’s Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as “Today’s Reports,” on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select “Subscribe to daily E-mail alert for newly released products” under the GAO Reports heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: